From cvs at cvs.gnupg.org Mon Apr 1 04:58:22 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 01 Apr 2013 04:58:22 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-97-g79d7e1d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 79d7e1d86bbd658c14a2f9cf3b7b4b5562df17c3 (commit) from c3495209ee6bdac6d6c631ded632fd540596f6e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 79d7e1d86bbd658c14a2f9cf3b7b4b5562df17c3 Author: NIIBE Yutaka Date: Mon Apr 1 11:42:11 2013 +0900 scd: move SCDaemon to libexecdir. * common/homedir.c (gnupg_module_name): It's now libexecdir. * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon (bin_PROGRAMS): Remove scdaemon. diff --git a/common/homedir.c b/common/homedir.c index 5f2e31e..d0fc5c6 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -410,7 +410,7 @@ gnupg_module_name (int which) #ifdef GNUPG_DEFAULT_SCDAEMON return GNUPG_DEFAULT_SCDAEMON; #else - X(bindir, "scdaemon"); + X(libexecdir, "scdaemon"); #endif case GNUPG_MODULE_NAME_DIRMNGR: diff --git a/scd/Makefile.am b/scd/Makefile.am index 58e2f9b..db339a2 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -17,9 +17,10 @@ ## Process this file with automake to produce Makefile.in -bin_PROGRAMS = scdaemon -if ! HAVE_W32_SYSTEM -libexec_PROGRAMS = gnupg-pcsc-wrapper +if HAVE_W32_SYSTEM +libexec_PROGRAMS = scdaemon +else +libexec_PROGRAMS = scdaemon gnupg-pcsc-wrapper endif EXTRA_DIST = ChangeLog-2011 ----------------------------------------------------------------------- Summary of changes: common/homedir.c | 2 +- scd/Makefile.am | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 1 05:17:19 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 01 Apr 2013 05:17:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-204-g021767d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 021767d8aa11aac8ac87dc3a31969ee6cfa65966 (commit) from 07227279c44e3af0939f90025a0d22b782d0f185 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 021767d8aa11aac8ac87dc3a31969ee6cfa65966 Author: NIIBE Yutaka Date: Mon Apr 1 11:42:11 2013 +0900 scd: move SCDaemon to libexecdir. * common/homedir.c (gnupg_module_name): It's now libexecdir. * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon (bin_PROGRAMS): Remove scdaemon. diff --git a/common/homedir.c b/common/homedir.c index 6d06749..28e5c9a 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -507,7 +507,7 @@ gnupg_module_name (int which) #ifdef GNUPG_DEFAULT_SCDAEMON return GNUPG_DEFAULT_SCDAEMON; #else - X(bindir, "scdaemon"); + X(libexecdir, "scdaemon"); #endif case GNUPG_MODULE_NAME_DIRMNGR: diff --git a/scd/Makefile.am b/scd/Makefile.am index a0c0369..1af13d0 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -19,9 +19,10 @@ EXTRA_DIST = ChangeLog-2011 -bin_PROGRAMS = scdaemon -if ! HAVE_W32_SYSTEM -libexec_PROGRAMS = gnupg-pcsc-wrapper +if HAVE_W32_SYSTEM +libexec_PROGRAMS = scdaemon +else +libexec_PROGRAMS = scdaemon gnupg-pcsc-wrapper endif AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common ----------------------------------------------------------------------- Summary of changes: common/homedir.c | 2 +- scd/Makefile.am | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 4 14:43:36 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 04 Apr 2013 14:43:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-205-ge1f7f61 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e1f7f61d1e10fc3ee816970ce611afbc9b654eda (commit) from 021767d8aa11aac8ac87dc3a31969ee6cfa65966 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1f7f61d1e10fc3ee816970ce611afbc9b654eda Author: Werner Koch Date: Thu Apr 4 14:24:11 2013 +0200 Fix doc for the Expire-Date key generation parameter. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index 0462c9e..7194112 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3310,21 +3310,23 @@ If you don't give any of them, no user ID is created. @item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y]) Set the expiration date for the key (and the subkey). It may either -be entered in ISO date format (2000-08-15) or as number of days, -weeks, month or years. The special notation "seconds=N" is also -allowed to directly give an Epoch value. Without a letter days are -assumed. Note that there is no check done on the overflow of the type -used by OpenPGP for timestamps. Thus you better make sure that the -given value make sense. Although OpenPGP works with time intervals, -GnuPG uses an absolute value internally and thus the last year we can -represent is 2105. +be entered in ISO date format (e.g. "20000815T145012") or as number of +days, weeks, month or years after the creation date. The special +notation "seconds=N" is also allowed to specify a number of seconds +since creation. Without a letter days are assumed. Note that there +is no check done on the overflow of the type used by OpenPGP for +timestamps. Thus you better make sure that the given value make +sense. Although OpenPGP works with time intervals, GnuPG uses an +absolute value internally and thus the last year we can represent is +2105. @item Ceation-Date: @var{iso-date} Set the creation date of the key as stored in the key information and which is also part of the fingerprint calculation. Either a date like "1986-04-26" or a full timestamp like "19860426T042640" may be used. -The time is considered to be UTC. If it is not given the current time -is used. +The time is considered to be UTC. The special notation "seconds=N" +may be used to directly specify a the number of seconds since Epoch +(Unix time). If it is not given the current time is used. @item Preferences: @var{string} Set the cipher, hash, and compression preference values for this key. ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 22 ++++++++++++---------- 1 files changed, 12 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 5 12:42:45 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 05 Apr 2013 12:42:45 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-108-gf23a068 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via f23a068bcb6ec9788710698578d8be0a2a006dbc (commit) via 855b1a8f81b5a3b5b31d0c3c303675425f58a5af (commit) via 02e8344d3803b80b74bc9b56d718304a6588bc14 (commit) from 8650b6ca7c77e477234f9a1586e6a86b1c79fff3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f23a068bcb6ec9788710698578d8be0a2a006dbc Author: Werner Koch Date: Fri Apr 5 12:23:41 2013 +0200 Add test case for SCRYPT and rework the code. * tests/t-kdf.c (check_scrypt): New. (main): Call new test. * configure.ac: Support disabling of the scrypt algorithm. Make KDF enabling similar to the other algorithm classes. Disable scrypt if we don't have a 64 bit type. * cipher/memxor.c, cipher/memxor.h: Remove. * cipher/scrypt.h: Remove. * cipher/kdf-internal.h: New. * cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to EXTRA_libcipher_la_SOURCES. (GCRYPT_MODULES): Add GCRYPT_KDFS. * src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value. * cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2. (_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0. (gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt. (gcry_kdf_derive) [!USE_SCRYPT]: Return an error. * cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined. Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types. (_SALSA20_INPUT_LENGTH): Remove underscore from identifier. (_scryptBlockMix): Replace memxor by buf_xor. (_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer overflow. Add hack to support blocksize of 1 for tests. Return errors from calls to _gcry_kdf_pkdf2. * cipher/kdf.c (openpgp_s2k): Make static. -- This patch prepares the addition of more KDF functions, brings the code into Libgcrypt shape, adds a test case and makes the code more robust. For example, scrypt would have fail silently if Libgcrypt was not build with SHA256 support. Also fixed symbol naming for systems without a visibility support. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 0d75680..926e531 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ Noteworthy changes in version 1.6.0 (unreleased) * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG. + * Added support for the SCRYPT algorithm. + * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_ac_* REMOVED. @@ -58,6 +60,7 @@ Noteworthy changes in version 1.6.0 (unreleased) GCRYMPI_FLAG_IMMUTABLE NEW. GCRYMPI_FLAG_CONST NEW. GCRYPT_VERSION_NUMBER NEW. + GCRY_KDF_SCRYPT NEW. Noteworthy changes in version 1.5.0 (2011-06-29) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 5b016f0..5189794 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -31,7 +31,8 @@ AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) noinst_LTLIBRARIES = libcipher.la -GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ +GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ \ + @GCRYPT_DIGESTS@ @GCRYPT_KDFS@ libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES) libcipher_la_LIBADD = $(GCRYPT_MODULES) @@ -39,7 +40,8 @@ libcipher_la_LIBADD = $(GCRYPT_MODULES) libcipher_la_SOURCES = \ cipher.c cipher-internal.h \ cipher-cbc.c cipher-cfb.c cipher-ofb.c cipher-ctr.c cipher-aeswrap.c \ -pubkey.c md.c kdf.c scrypt.c memxor.c \ +pubkey.c md.c \ +kdf.c kdf-internal.h \ hmac-tests.c \ bithelp.h \ bufhelp.h \ @@ -62,6 +64,7 @@ md5.c \ rijndael.c rijndael-tables.h \ rmd160.c \ rsa.c \ +scrypt.c \ seed.c \ serpent.c \ sha1.c \ diff --git a/cipher/kdf-internal.h b/cipher/kdf-internal.h new file mode 100644 index 0000000..7079860 --- /dev/null +++ b/cipher/kdf-internal.h @@ -0,0 +1,40 @@ +/* kdf-internal.h - Internal defs for kdf.c + * Copyright (C) 2013 g10 Code GmbH + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser general Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#ifndef GCRY_KDF_INTERNAL_H +#define GCRY_KDF_INTERNAL_H + +/*-- kdf.c --*/ +gpg_err_code_t +_gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, + int hashalgo, + const void *salt, size_t saltlen, + unsigned long iterations, + size_t keysize, void *keybuffer); + +/*-- scrypt.c --*/ +gcry_err_code_t +_gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, + int algo, int subalgo, + const unsigned char *salt, size_t saltlen, + unsigned long iterations, + size_t dklen, unsigned char *dk); + + +#endif /*GCRY_KDF_INTERNAL_H*/ diff --git a/cipher/kdf.c b/cipher/kdf.c index 4ea0fb2..da63574 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -1,5 +1,6 @@ /* kdf.c - Key Derivation Functions * Copyright (C) 1998, 2011 Free Software Foundation, Inc. + * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -26,7 +27,7 @@ #include "g10lib.h" #include "cipher.h" #include "ath.h" -#include "scrypt.h" +#include "kdf-internal.h" /* Transform a passphrase into a suitable key of length KEYSIZE and @@ -34,7 +35,7 @@ must provide an HASHALGO, a valid ALGO and depending on that algo a SALT of 8 bytes and the number of ITERATIONS. Code taken from gnupg/agent/protect.c:hash_passphrase. */ -gpg_err_code_t +static gpg_err_code_t openpgp_s2k (const void *passphrase, size_t passphraselen, int algo, int hashalgo, const void *salt, size_t saltlen, @@ -117,11 +118,11 @@ openpgp_s2k (const void *passphrase, size_t passphraselen, used in HMAC mode. SALT is a salt of length SALTLEN and ITERATIONS gives the number of iterations. */ gpg_err_code_t -pkdf2 (const void *passphrase, size_t passphraselen, - int hashalgo, - const void *salt, size_t saltlen, - unsigned long iterations, - size_t keysize, void *keybuffer) +_gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, + int hashalgo, + const void *salt, size_t saltlen, + unsigned long iterations, + size_t keysize, void *keybuffer) { gpg_err_code_t ec; gcry_md_hd_t md; @@ -139,7 +140,10 @@ pkdf2 (const void *passphrase, size_t passphraselen, unsigned long iter; /* Current iteration number. */ unsigned int i; - if (!salt || !saltlen || !iterations || !dklen) + /* NWe allow for a saltlen of 0 here to support scrypt. It is not + clear whether rfc2898 allows for this this, thus we do a test on + saltlen > 0 only in gcry_kdf_derive. */ + if (!salt || !iterations || !dklen) return GPG_ERR_INV_VALUE; hlen = gcry_md_get_algo_dlen (hashalgo); @@ -239,11 +243,12 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, { gpg_err_code_t ec; - if (!passphrase || (!passphraselen && algo != GCRY_KDF_PBKDF2)) + if (!passphrase) { ec = GPG_ERR_INV_DATA; goto leave; } + if (!keybuffer || !keysize) { ec = GPG_ERR_INV_VALUE; @@ -256,8 +261,11 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, case GCRY_KDF_SIMPLE_S2K: case GCRY_KDF_SALTED_S2K: case GCRY_KDF_ITERSALTED_S2K: - ec = openpgp_s2k (passphrase, passphraselen, algo, subalgo, - salt, saltlen, iterations, keysize, keybuffer); + if (!passphraselen) + ec = GPG_ERR_INV_DATA; + else + ec = openpgp_s2k (passphrase, passphraselen, algo, subalgo, + salt, saltlen, iterations, keysize, keybuffer); break; case GCRY_KDF_PBKDF1: @@ -265,12 +273,22 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, break; case GCRY_KDF_PBKDF2: - ec = pkdf2 (passphrase, passphraselen, subalgo, - salt, saltlen, iterations, keysize, keybuffer); + if (!saltlen) + ec = GPG_ERR_INV_VALUE; + else + ec = _gcry_kdf_pkdf2 (passphrase, passphraselen, subalgo, + salt, saltlen, iterations, keysize, keybuffer); break; + + case 41: case GCRY_KDF_SCRYPT: - ec = scrypt (passphrase, passphraselen, subalgo, - salt, saltlen, iterations, keysize, keybuffer); +#if USE_SCRYPT + ec = _gcry_kdf_scrypt (passphrase, passphraselen, algo, subalgo, + salt, saltlen, iterations, keysize, keybuffer); +#else + ec = GPG_ERR_UNSUPPORTED_ALGORITHM; +#endif /*USE_SCRYPT*/ + break; default: ec = GPG_ERR_UNKNOWN_ALGORITHM; diff --git a/cipher/memxor.c b/cipher/memxor.c deleted file mode 100644 index 74307f0..0000000 --- a/cipher/memxor.c +++ /dev/null @@ -1,326 +0,0 @@ -/* memxor.c - * - * - * This file is part of Libgcrypt. - * Adapted from the nettle, low-level cryptographics library for - * libgcrypt by Christian Grothoff; original license: - */ - -/* - * Copyright (C) 1991, 1993, 1995 Free Software Foundation, Inc. - * Copyright (C) 2010 Niels M?ller - * - * The nettle library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation; either version 2.1 of the License, or (at your - * option) any later version. - * - * The nettle library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with the nettle library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02111-1301, USA. - */ - -/* Implementation inspired by memcmp in glibc, contributed to the FSF - by Torbjorn Granlund. - */ - -#include -#include -#include -#include "memxor.h" - -typedef unsigned long int word_t; - -// FIXME: need configure test for this hack... -#define SIZEOF_LONG 8 - -#if SIZEOF_LONG & (SIZEOF_LONG - 1) -#error Word size must be a power of two -#endif - -#define ALIGN_OFFSET(p) ((uintptr_t) (p) % sizeof(word_t)) - -#ifndef WORDS_BIGENDIAN -#define MERGE(w0, sh_1, w1, sh_2) (((w0) >> (sh_1)) | ((w1) << (sh_2))) -#else -#define MERGE(w0, sh_1, w1, sh_2) (((w0) << (sh_1)) | ((w1) >> (sh_2))) -#endif - -#define WORD_T_THRESH 16 - -/* XOR word-aligned areas. n is the number of words, not bytes. */ -static void -memxor_common_alignment (word_t *dst, const word_t *src, size_t n) -{ - /* FIXME: Require n > 0? */ - /* FIXME: Unroll four times, like memcmp? Probably not worth the - effort. */ - - if (n & 1) - { - *dst++ ^= *src++; - n--; - } - for (; n >= 2; dst += 2, src += 2, n -= 2) - { - dst[0] ^= src[0]; - dst[1] ^= src[1]; - } -} - -/* XOR *un-aligned* src-area onto aligned dst area. n is number of - words, not bytes. Assumes we can read complete words at the start - and end of the src operand. */ -static void -memxor_different_alignment (word_t *dst, const uint8_t *src, size_t n) -{ - size_t i; - int shl, shr; - const word_t *src_word; - unsigned offset = ALIGN_OFFSET (src); - word_t s0, s1; - - shl = CHAR_BIT * offset; - shr = CHAR_BIT * (sizeof(word_t) - offset); - - src_word = (const word_t *) ((uintptr_t) src & -SIZEOF_LONG); - - /* FIXME: Unroll four times, like memcmp? */ - i = n & 1; - s0 = src_word[i]; - if (i) - { - s1 = src_word[0]; - dst[0] ^= MERGE (s1, shl, s0, shr); - } - - for (; i < n; i += 2) - { - s1 = src_word[i+1]; - dst[i] ^= MERGE(s0, shl, s1, shr); - s0 = src_word[i+2]; - dst[i+1] ^= MERGE(s1, shl, s0, shr); - } -} - -/* Performance, Intel SU1400 (x86_64): 0.25 cycles/byte aligned, 0.45 - cycles/byte unaligned. */ - -/* XOR LEN bytes starting at SRCADDR onto DESTADDR. Result undefined - if the source overlaps with the destination. Return DESTADDR. */ -uint8_t * -memxor(uint8_t *dst, const uint8_t *src, size_t n) -{ - uint8_t *orig_dst = dst; - - if (n >= WORD_T_THRESH) - { - /* There are at least some bytes to compare. No need to test - for N == 0 in this alignment loop. */ - while (ALIGN_OFFSET (dst)) - { - *dst++ ^= *src++; - n--; - } - if (ALIGN_OFFSET (src)) - memxor_different_alignment ((word_t *) dst, src, n / sizeof(word_t)); - else - memxor_common_alignment ((word_t *) dst, (const word_t *) src, n / sizeof(word_t)); - - dst += n & -SIZEOF_LONG; - src += n & -SIZEOF_LONG; - n = n & (SIZEOF_LONG - 1); - } - for (; n > 0; n--) - *dst++ ^= *src++; - - return orig_dst; -} - - -/* XOR word-aligned areas. n is the number of words, not bytes. */ -static void -memxor3_common_alignment (word_t *dst, - const word_t *a, const word_t *b, size_t n) -{ - /* FIXME: Require n > 0? */ - while (n-- > 0) - dst[n] = a[n] ^ b[n]; -} - -static void -memxor3_different_alignment_b (word_t *dst, - const word_t *a, const uint8_t *b, unsigned offset, size_t n) -{ - int shl, shr; - const word_t *b_word; - - word_t s0, s1; - - shl = CHAR_BIT * offset; - shr = CHAR_BIT * (sizeof(word_t) - offset); - - b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); - - if (n & 1) - { - n--; - s1 = b_word[n]; - s0 = b_word[n+1]; - dst[n] = a[n] ^ MERGE (s1, shl, s0, shr); - } - else - s1 = b_word[n]; - - while (n > 0) - { - n -= 2; - s0 = b_word[n+1]; - dst[n+1] = a[n+1] ^ MERGE(s0, shl, s1, shr); - s1 = b_word[n]; - dst[n] = a[n] ^ MERGE(s1, shl, s0, shr); - } -} - -static void -memxor3_different_alignment_ab (word_t *dst, - const uint8_t *a, const uint8_t *b, - unsigned offset, size_t n) -{ - int shl, shr; - const word_t *a_word; - const word_t *b_word; - - word_t s0, s1; - - shl = CHAR_BIT * offset; - shr = CHAR_BIT * (sizeof(word_t) - offset); - - a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG); - b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); - - if (n & 1) - { - n--; - s1 = a_word[n] ^ b_word[n]; - s0 = a_word[n+1] ^ b_word[n+1]; - dst[n] = MERGE (s1, shl, s0, shr); - } - else - s1 = a_word[n] ^ b_word[n]; - - while (n > 0) - { - n -= 2; - s0 = a_word[n+1] ^ b_word[n+1]; - dst[n+1] = MERGE(s0, shl, s1, shr); - s1 = a_word[n] ^ b_word[n]; - dst[n] = MERGE(s1, shl, s0, shr); - } -} - -static void -memxor3_different_alignment_all (word_t *dst, - const uint8_t *a, const uint8_t *b, - unsigned a_offset, unsigned b_offset, - size_t n) -{ - int al, ar, bl, br; - const word_t *a_word; - const word_t *b_word; - - word_t a0, a1, b0, b1; - - al = CHAR_BIT * a_offset; - ar = CHAR_BIT * (sizeof(word_t) - a_offset); - bl = CHAR_BIT * b_offset; - br = CHAR_BIT * (sizeof(word_t) - b_offset); - - a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG); - b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); - - if (n & 1) - { - n--; - a1 = a_word[n]; a0 = a_word[n+1]; - b1 = b_word[n]; b0 = b_word[n+1]; - - dst[n] = MERGE (a1, al, a0, ar) ^ MERGE (b1, bl, b0, br); - } - else - { - a1 = a_word[n]; - b1 = b_word[n]; - } - - while (n > 0) - { - n -= 2; - a0 = a_word[n+1]; b0 = b_word[n+1]; - dst[n+1] = MERGE(a0, al, a1, ar) ^ MERGE(b0, bl, b1, br); - a1 = a_word[n]; b1 = b_word[n]; - dst[n] = MERGE(a1, al, a0, ar) ^ MERGE(b1, bl, b0, br); - } -} - -/* Current implementation processes data in descending order, to - support overlapping operation with one of the sources overlapping - the start of the destination area. This feature is used only - internally by cbc decrypt, and it is not advertised or documented - to nettle users. */ -uint8_t * -memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n) -{ - if (n >= WORD_T_THRESH) - { - unsigned i; - unsigned a_offset; - unsigned b_offset; - size_t nwords; - - for (i = ALIGN_OFFSET(dst + n); i > 0; i--) - { - n--; - dst[n] = a[n] ^ b[n]; - } - - a_offset = ALIGN_OFFSET(a + n); - b_offset = ALIGN_OFFSET(b + n); - - nwords = n / sizeof (word_t); - n %= sizeof (word_t); - - if (a_offset == b_offset) - { - if (!a_offset) - memxor3_common_alignment((word_t *) (dst + n), - (const word_t *) (a + n), - (const word_t *) (b + n), nwords); - else - memxor3_different_alignment_ab((word_t *) (dst + n), - a + n, b + n, a_offset, - nwords); - } - else if (!a_offset) - memxor3_different_alignment_b((word_t *) (dst + n), - (const word_t *) (a + n), b + n, - b_offset, nwords); - else if (!b_offset) - memxor3_different_alignment_b((word_t *) (dst + n), - (const word_t *) (b + n), a + n, - a_offset, nwords); - else - memxor3_different_alignment_all((word_t *) (dst + n), a + n, b + n, - a_offset, b_offset, nwords); - } - while (n-- > 0) - dst[n] = a[n] ^ b[n]; - - return dst; -} diff --git a/cipher/memxor.h b/cipher/memxor.h deleted file mode 100644 index f308155..0000000 --- a/cipher/memxor.h +++ /dev/null @@ -1,21 +0,0 @@ -/* memxor.h - * - */ - -#ifndef MEMXOR_H_INCLUDED -#define MEMXOR_H_INCLUDED - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -uint8_t *memxor(uint8_t *dst, const uint8_t *src, size_t n); -uint8_t *memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n); - -#ifdef __cplusplus -} -#endif - -#endif /* MEMXOR_H_INCLUDED */ diff --git a/cipher/scrypt.c b/cipher/scrypt.c index 45ab4b3..06196d6 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -1,6 +1,22 @@ /* scrypt.c - Scrypt password-based key derivation function. + * Copyright (C) 2012 Simon Josefsson + * Copyright (C) 2013 Christian Grothoff + * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser general Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . */ /* Adapted from the nettle, low-level cryptographics library for @@ -30,39 +46,40 @@ #include #include "g10lib.h" -#include "scrypt.h" -#include "memxor.h" - +#include "kdf-internal.h" +#include "bufhelp.h" +/* We really need a 64 bit type for this code. */ +#ifdef HAVE_U64_TYPEDEF -#define _SALSA20_INPUT_LENGTH 16 +#define SALSA20_INPUT_LENGTH 16 #define ROTL32(n,x) (((x)<<(n)) | ((x)>>(32-(n)))) /* Reads a 64-bit integer, in network, big-endian, byte order */ #define READ_UINT64(p) \ -( (((uint64_t) (p)[0]) << 56) \ - | (((uint64_t) (p)[1]) << 48) \ - | (((uint64_t) (p)[2]) << 40) \ - | (((uint64_t) (p)[3]) << 32) \ - | (((uint64_t) (p)[4]) << 24) \ - | (((uint64_t) (p)[5]) << 16) \ - | (((uint64_t) (p)[6]) << 8) \ - | ((uint64_t) (p)[7])) +( (((u64) (p)[0]) << 56) \ + | (((u64) (p)[1]) << 48) \ + | (((u64) (p)[2]) << 40) \ + | (((u64) (p)[3]) << 32) \ + | (((u64) (p)[4]) << 24) \ + | (((u64) (p)[5]) << 16) \ + | (((u64) (p)[6]) << 8) \ + | ((u64) (p)[7])) /* And the other, little-endian, byteorder */ #define LE_READ_UINT64(p) \ -( (((uint64_t) (p)[7]) << 56) \ - | (((uint64_t) (p)[6]) << 48) \ - | (((uint64_t) (p)[5]) << 40) \ - | (((uint64_t) (p)[4]) << 32) \ - | (((uint64_t) (p)[3]) << 24) \ - | (((uint64_t) (p)[2]) << 16) \ - | (((uint64_t) (p)[1]) << 8) \ - | ((uint64_t) (p)[0])) +( (((u64) (p)[7]) << 56) \ + | (((u64) (p)[6]) << 48) \ + | (((u64) (p)[5]) << 40) \ + | (((u64) (p)[4]) << 32) \ + | (((u64) (p)[3]) << 24) \ + | (((u64) (p)[2]) << 16) \ + | (((u64) (p)[1]) << 8) \ + | ((u64) (p)[0])) @@ -83,9 +100,9 @@ static void -_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds) +_salsa20_core(u32 *dst, const u32 *src, unsigned rounds) { - uint32_t x[_SALSA20_INPUT_LENGTH]; + u32 x[SALSA20_INPUT_LENGTH]; unsigned i; assert ( (rounds & 1) == 0); @@ -104,33 +121,36 @@ _salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds) QROUND(x[15], x[12], x[13], x[14]); } - for (i = 0; i < _SALSA20_INPUT_LENGTH; i++) + for (i = 0; i < SALSA20_INPUT_LENGTH; i++) { - uint32_t t = x[i] + src[i]; + u32 t = x[i] + src[i]; dst[i] = LE_SWAP32 (t); } } static void -_scryptBlockMix (uint32_t r, uint8_t *B, uint8_t *tmp2) +_scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2) { - uint64_t i; - uint8_t *X = tmp2; - uint8_t *Y = tmp2 + 64; + u64 i; + unsigned char *X = tmp2; + unsigned char *Y = tmp2 + 64; #if 0 - for (i = 0; i < 2 * r; i++) + if (r == 1) { - size_t j; - printf ("B[%d]: ", i); - for (j = 0; j < 64; j++) - { - if (j % 4 == 0) - printf (" "); - printf ("%02x", B[i * 64 + j]); - } - printf ("\n"); + for (i = 0; i < 2 * r; i++) + { + size_t j; + printf ("B[%d] = ", (int)i); + for (j = 0; j < 64; j++) + { + if (j && !(j % 16)) + printf ("\n "); + printf (" %02x", B[i * 64 + j]); + } + putchar ('\n'); + } } #endif @@ -141,10 +161,10 @@ _scryptBlockMix (uint32_t r, uint8_t *B, uint8_t *tmp2) for (i = 0; i <= 2 * r - 1; i++) { /* T = X xor B[i] */ - memxor(X, &B[i * 64], 64); + buf_xor(X, X, &B[i * 64], 64); /* X = Salsa (T) */ - _salsa20_core (X, X, 8); + _salsa20_core ((u32*)X, (u32*)X, 8); /* Y[i] = X */ memcpy (&Y[i * 64], X, 64); @@ -157,38 +177,43 @@ _scryptBlockMix (uint32_t r, uint8_t *B, uint8_t *tmp2) } #if 0 - for (i = 0; i < 2 * r; i++) + if (r==1) { - size_t j; - printf ("B'[%d]: ", i); - for (j = 0; j < 64; j++) - { - if (j % 4 == 0) - printf (" "); - printf ("%02x", B[i * 64 + j]); - } - printf ("\n"); + for (i = 0; i < 2 * r; i++) + { + size_t j; + printf ("B'[%d] =", (int)i); + for (j = 0; j < 64; j++) + { + if (j && !(j % 16)) + printf ("\n "); + printf (" %02x", B[i * 64 + j]); + } + putchar ('\n'); + } } #endif } static void -_scryptROMix (uint32_t r, uint8_t *B, uint64_t N, - uint8_t *tmp1, uint8_t *tmp2) +_scryptROMix (u32 r, unsigned char *B, u64 N, + unsigned char *tmp1, unsigned char *tmp2) { - uint8_t *X = B, *T = B; - uint64_t i; + unsigned char *X = B, *T = B; + u64 i; #if 0 - printf ("B: "); - for (i = 0; i < 128 * r; i++) + if (r == 1) { - size_t j; - if (i % 4 == 0) - printf (" "); - printf ("%02x", B[i]); + printf ("B = "); + for (i = 0; i < 128 * r; i++) + { + if (i && !(i % 16)) + printf ("\n "); + printf (" %02x", B[i]); + } + putchar ('\n'); } - printf ("\n"); #endif /* for i = 0 to N - 1 do */ @@ -204,81 +229,118 @@ _scryptROMix (uint32_t r, uint8_t *B, uint64_t N, /* for i = 0 to N - 1 do */ for (i = 0; i <= N - 1; i++) { - uint64_t j; + u64 j; /* j = Integerify (X) mod N */ j = LE_READ_UINT64 (&X[128 * r - 64]) % N; /* T = X xor V[j] */ - memxor (T, &tmp1[j * 128 * r], 128 * r); + buf_xor (T, T, &tmp1[j * 128 * r], 128 * r); /* X = scryptBlockMix (T) */ _scryptBlockMix (r, T, tmp2); } #if 0 - printf ("B': "); - for (i = 0; i < 128 * r; i++) + if (r == 1) { - size_t j; - if (i % 4 == 0) - printf (" "); - printf ("%02x", B[i]); + printf ("B' ="); + for (i = 0; i < 128 * r; i++) + { + if (i && !(i % 16)) + printf ("\n "); + printf (" %02x", B[i]); + } + putchar ('\n'); } - printf ("\n"); #endif } /** */ gcry_err_code_t -scrypt (const uint8_t * passwd, size_t passwdlen, - int subalgo, - const uint8_t * salt, size_t saltlen, - unsigned long iterations, - size_t dkLen, uint8_t * DK) +_gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, + int algo, int subalgo, + const unsigned char *salt, size_t saltlen, + unsigned long iterations, + size_t dkLen, unsigned char *DK) { - /* XXX sanity-check parameters */ - uint64_t N = subalgo; /* CPU/memory cost paramter */ - uint32_t r = 8; /* block size, should be sane enough */ - uint32_t p = iterations; /* parallelization parameter */ - - uint32_t i; - uint8_t *B; - uint8_t *tmp1; - uint8_t *tmp2; - + u64 N = subalgo; /* CPU/memory cost paramter. */ + u32 r; /* Block size. */ + u32 p = iterations; /* Parallelization parameter. */ + + gpg_err_code_t ec; + u32 i; + unsigned char *B = NULL; + unsigned char *tmp1 = NULL; + unsigned char *tmp2 = NULL; + size_t r128; + size_t nbytes; + + if (subalgo < 1 || !iterations) + return GPG_ERR_INV_VALUE; + + if (algo == GCRY_KDF_SCRYPT) + r = 8; + else if (algo == 41) /* Hack to allow the use of all test vectors. */ + r = 1; + else + return GPG_ERR_UNKNOWN_ALGORITHM; + + r128 = r * 128; + if (r128 / 128 != r) + return GPG_ERR_ENOMEM; - B = malloc (p * 128 * r); - if (B == NULL) + nbytes = p * r128; + if (r128 && nbytes / r128 != p) return GPG_ERR_ENOMEM; - tmp1 = malloc (N * 128 * r); - if (tmp1 == NULL) - { - free (B); + nbytes = N * r128; + if (r128 && nbytes / r128 != N) return GPG_ERR_ENOMEM; - } - tmp2 = malloc (64 + 128 * r); - if (tmp2 == NULL) - { - free (B); - free (tmp1); + nbytes = 64 + r128; + if (nbytes < r128) return GPG_ERR_ENOMEM; - } - pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, salt, saltlen, 1 /* iterations */, p * 128 * r, B); + B = gcry_malloc (p * r128); + if (!B) + { + ec = gpg_err_code_from_syserror (); + goto leave; + } - for (i = 0; i < p; i++) - _scryptROMix (r, &B[i * 128 * r], N, tmp1, tmp2); + tmp1 = gcry_malloc (N * r128); + if (!tmp1) + { + ec = gpg_err_code_from_syserror (); + goto leave; + } + + tmp2 = gcry_malloc (64 + r128); + if (!tmp2) + { + ec = gpg_err_code_from_syserror (); + goto leave; + } - for (i = 0; i < p; i++) - pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * 128 * r, 1 /* iterations */, dkLen, DK); + ec = _gcry_kdf_pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, salt, saltlen, + 1 /* iterations */, p * r128, B); - free (tmp2); - free (tmp1); - free (B); + for (i = 0; !ec && i < p; i++) + _scryptROMix (r, &B[i * r128], N, tmp1, tmp2); - return 0; + for (i = 0; !ec && i < p; i++) + ec = _gcry_kdf_pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * r128, + 1 /* iterations */, dkLen, DK); + + leave: + gcry_free (tmp2); + gcry_free (tmp1); + gcry_free (B); + + return ec; } + + +#endif /* HAVE_U64_TYPEDEF */ diff --git a/cipher/scrypt.h b/cipher/scrypt.h deleted file mode 100644 index e0c8df9..0000000 --- a/cipher/scrypt.h +++ /dev/null @@ -1,66 +0,0 @@ -/* scrypt.h - Scrypt password-based key derivation function. - * - * This file is part of Libgcrypt. - */ - -/* Adapted from the nettle, low-level cryptographics library for - * libgcrypt by Christian Grothoff; original license: - * - * Copyright (C) 2012 Simon Josefsson - * - * The nettle library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation; either version 2.1 of the License, or (at your - * option) any later version. - * - * The nettle library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with the nettle library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02111-1301, USA. - */ - -#ifndef SCRYPT_H_INCLUDED -#define SCRYPT_H_INCLUDED - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include -#include "g10lib.h" -#include "cipher.h" - - -/* Transform a passphrase into a suitable key of length KEYSIZE and - store this key in the caller provided buffer KEYBUFFER. The caller - must provide PRFALGO which indicates the pseudorandom function to - use: This shall be the algorithms id of a hash algorithm; it is - used in HMAC mode. SALT is a salt of length SALTLEN and ITERATIONS - gives the number of iterations; implemented in 'kdf.c', used by - scrypt.c */ -gpg_err_code_t -pkdf2 (const void *passphrase, size_t passphraselen, - int hashalgo, - const void *salt, size_t saltlen, - unsigned long iterations, - size_t keysize, void *keybuffer); - - -gcry_err_code_t -scrypt (const uint8_t * passwd, size_t passwdlen, - int subalgo, - const uint8_t * salt, size_t saltlen, - unsigned long iterations, - size_t dkLen, uint8_t * DK); - -#ifdef __cplusplus -} -#endif - -#endif /* SCRYPT_H_INCLUDED */ diff --git a/configure.ac b/configure.ac index cebf4b9..c597389 100644 --- a/configure.ac +++ b/configure.ac @@ -199,6 +199,11 @@ available_digests="crc md4 md5 rmd160 sha1 sha256" available_digests_64="sha512 tiger whirlpool" enabled_digests="" +# Definitions for kdfs (optional ones) +available_kdfs="s2k pkdf2" +available_kdfs_64="scrypt" +enabled_kdfs="" + # Definitions for random modules. available_random_modules="linux egd unix" auto_random_modules="$available_random_modules" @@ -351,9 +356,11 @@ if test "$ac_cv_sizeof_unsigned_int" != "8" \ && test "$ac_cv_sizeof_unsigned_long" != "8" \ && test "$ac_cv_sizeof_unsigned_long_long" != "8" \ && test "$ac_cv_sizeof_uint64_t" != "8"; then - AC_MSG_WARN([No 64-bit types. Disabling TIGER/192, SHA-384, and SHA-512]) + AC_MSG_WARN([No 64-bit types. Disabling TIGER/192, SCRYPT, SHA-384, \ + and SHA-512]) else available_digests="$available_digests $available_digests_64" + available_kdfs="$available_kdfs $available_kdfs_64" fi # If not specified otherwise, all available algorithms will be @@ -361,6 +368,7 @@ fi default_ciphers="$available_ciphers" default_pubkey_ciphers="$available_pubkey_ciphers" default_digests="$available_digests" +default_kdfs="$available_kdfs" # Substitutions to set generated files in a Emacs buffer to read-only. AC_SUBST(emacs_local_vars_begin, ['Local Variables:']) @@ -431,6 +439,26 @@ for digest in $enabled_digests; do done AC_MSG_RESULT([$enabled_digests]) +# Implementation of the --enable-kdfs switch. +AC_ARG_ENABLE(kdfs, + AC_HELP_STRING([--enable-kfds=kdfs], + [select the KDFs to include]), + [enabled_kdfs=`echo $enableval | tr ',:' ' ' | tr '[A-Z]' '[a-z]'`], + [enabled_kdfs=""]) +if test "x$enabled_kdfs" = "x" \ + -o "$enabled_kdfs" = "yes" \ + -o "$enabled_kdfs" = "no"; then + enabled_kdfs=$default_kdfs +fi +AC_MSG_CHECKING([which key derivation functions to include]) +for kdf in $enabled_kdfs; do + LIST_MEMBER($kdf, $available_kdfs) + if test "$found" = "0"; then + AC_MSG_ERROR([unsupported key derivation function specified]) + fi +done +AC_MSG_RESULT([$enabled_kdfs]) + # Implementation of the --enable-random switch. AC_ARG_ENABLE(random, AC_HELP_STRING([--enable-random=name], @@ -1145,7 +1173,7 @@ fi # Define conditional sources and config.h symbols depending on the -# selected ciphers, pubkey-ciphers, digests and random modules. +# selected ciphers, pubkey-ciphers, digests, kdfs, and random modules. LIST_MEMBER(arcfour, $enabled_ciphers) if test "$found" = "1"; then @@ -1291,6 +1319,12 @@ GCRYPT_DIGESTS="$GCRYPT_DIGESTS rmd160.lo sha1.lo" AC_DEFINE(USE_RMD160, 1, [Defined if this module should be included]) AC_DEFINE(USE_SHA1, 1, [Defined if this module should be included]) +LIST_MEMBER(scrypt, $enabled_kdfs) +if test "$found" = "1" ; then + GCRYPT_KDFS="$GCRYPT_KDFS scrypt.lo" + AC_DEFINE(USE_SCRYPT, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(linux, $random_modules) if test "$found" = "1" ; then GCRYPT_RANDOM="$GCRYPT_RANDOM rndlinux.lo" @@ -1327,6 +1361,7 @@ fi AC_SUBST([GCRYPT_CIPHERS]) AC_SUBST([GCRYPT_PUBKEY_CIPHERS]) AC_SUBST([GCRYPT_DIGESTS]) +AC_SUBST([GCRYPT_KDFS]) AC_SUBST([GCRYPT_RANDOM]) AC_SUBST(LIBGCRYPT_CIPHERS, $enabled_ciphers) @@ -1344,6 +1379,9 @@ AC_DEFINE_UNQUOTED(LIBGCRYPT_PUBKEY_CIPHERS, "$tmp", tmp=`echo "$enabled_digests" | tr ' ' : ` AC_DEFINE_UNQUOTED(LIBGCRYPT_DIGESTS, "$tmp", [List of available digest algorithms]) +tmp=`echo "$enabled_kdfs" | tr ' ' : ` +AC_DEFINE_UNQUOTED(LIBGCRYPT_KDFS, "$tmp", + [List of available KDF algorithms]) # @@ -1428,6 +1466,7 @@ GCRY_MSG_SHOW([Platform: ],[$PRINTABLE_OS_NAME ($host)]) GCRY_MSG_SHOW([Hardware detection module:],[$detection_module]) GCRY_MSG_WRAP([Enabled cipher algorithms:],[$enabled_ciphers]) GCRY_MSG_WRAP([Enabled digest algorithms:],[$enabled_digests]) +GCRY_MSG_WRAP([Enabled kdf algorithms: ],[$enabled_kdfs]) GCRY_MSG_WRAP([Enabled pubkey algorithms:],[$enabled_pubkey_ciphers]) GCRY_MSG_SHOW([Random number generator: ],[$random]) GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities]) diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index fe040f0..8f277c2 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3174,7 +3174,7 @@ The PKCS#5 Passphrase Based Key Derivation Function number 2. @item GCRY_KDF_SCRYPT The SCRYPT Key Derivation Function. The subalgorithm is used to specify -the CPU/memory cost paramter N, and the number of iterations +the CPU/memory cost parameter N, and the number of iterations is used for the parallelization parameter p. The block size is fixed at 8 in the current implementation. diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index dff0e0b..3b37e19 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1194,7 +1194,7 @@ enum gcry_kdf_algos GCRY_KDF_ITERSALTED_S2K = 19, GCRY_KDF_PBKDF1 = 33, GCRY_KDF_PBKDF2 = 34, - GCRY_KDF_SCRYPT = 35 + GCRY_KDF_SCRYPT = 48 }; /* Derive a key from a passphrase. */ diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 06c0026..50deba0 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -35,6 +35,7 @@ /* Program option flags. */ static int verbose; +static int debug; static int error_count; static void @@ -925,7 +926,7 @@ check_pbkdf2 (void) 20, "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" - }, + } }; int tvidx; gpg_error_t err; @@ -957,11 +958,106 @@ check_pbkdf2 (void) } +static void +check_scrypt (void) +{ + /* Test vectors are from draft-josefsson-scrypt-kdf-01. */ + static struct { + const char *p; /* Passphrase. */ + size_t plen; /* Length of P. */ + const char *salt; + size_t saltlen; + int parm_n; /* CPU/memory cost. */ + int parm_r; /* blocksize */ + unsigned long parm_p; /* parallelization. */ + int dklen; /* Requested key length. */ + const char *dk; /* Derived key. */ + int disabled; + } tv[] = { + { + "", 0, + "", 0, + 16, + 1, + 1, + 64, + "\x77\xd6\x57\x62\x38\x65\x7b\x20\x3b\x19\xca\x42\xc1\x8a\x04\x97" + "\xf1\x6b\x48\x44\xe3\x07\x4a\xe8\xdf\xdf\xfa\x3f\xed\xe2\x14\x42" + "\xfc\xd0\x06\x9d\xed\x09\x48\xf8\x32\x6a\x75\x3a\x0f\xc8\x1f\x17" + "\xe8\xd3\xe0\xfb\x2e\x0d\x36\x28\xcf\x35\xe2\x0c\x38\xd1\x89\x06" + }, + { + "password", 8, + "NaCl", 4, + 1024, + 8, + 16, + 64, + "\xfd\xba\xbe\x1c\x9d\x34\x72\x00\x78\x56\xe7\x19\x0d\x01\xe9\xfe" + "\x7c\x6a\xd7\xcb\xc8\x23\x78\x30\xe7\x73\x76\x63\x4b\x37\x31\x62" + "\x2e\xaf\x30\xd9\x2e\x22\xa3\x88\x6f\xf1\x09\x27\x9d\x98\x30\xda" + "\xc7\x27\xaf\xb9\x4a\x83\xee\x6d\x83\x60\xcb\xdf\xa2\xcc\x06\x40" + }, + { + "pleaseletmein", 13, + "SodiumChloride", 14, + 16384, + 8, + 1, + 64, + "\x70\x23\xbd\xcb\x3a\xfd\x73\x48\x46\x1c\x06\xcd\x81\xfd\x38\xeb" + "\xfd\xa8\xfb\xba\x90\x4f\x8e\x3e\xa9\xb5\x43\xf6\x54\x5d\xa1\xf2" + "\xd5\x43\x29\x55\x61\x3f\x0f\xcf\x62\xd4\x97\x05\x24\x2a\x9a\xf9" + "\xe6\x1e\x85\xdc\x0d\x65\x1e\x40\xdf\xcf\x01\x7b\x45\x57\x58\x87" + }, + { + "pleaseletmein", 13, + "SodiumChloride", 14, + 1048576, + 8, + 1, + 64, + "\x21\x01\xcb\x9b\x6a\x51\x1a\xae\xad\xdb\xbe\x09\xcf\x70\xf8\x81" + "\xec\x56\x8d\x57\x4a\x2f\xfd\x4d\xab\xe5\xee\x98\x20\xad\xaa\x47" + "\x8e\x56\xfd\x8f\x4b\xa5\xd0\x9f\xfa\x1c\x6d\x92\x7c\x40\xf4\xc3" + "\x37\x30\x40\x49\xe8\xa9\x52\xfb\xcb\xf4\x5c\x6f\xa7\x7a\x41\xa4", + 2 /* Only in debug mode. */ + } + }; + int tvidx; + gpg_error_t err; + unsigned char outbuf[64]; + int i; + + for (tvidx=0; tvidx < DIM(tv); tvidx++) + { + if (tv[tvidx].disabled && !(tv[tvidx].disabled == 2 && debug)) + continue; + if (verbose) + fprintf (stderr, "checking SCRYPT test vector %d\n", tvidx); + assert (tv[tvidx].dklen <= sizeof outbuf); + err = gcry_kdf_derive (tv[tvidx].p, tv[tvidx].plen, + tv[tvidx].parm_r == 1 ? 41 : GCRY_KDF_SCRYPT, + tv[tvidx].parm_n, + tv[tvidx].salt, tv[tvidx].saltlen, + tv[tvidx].parm_p, tv[tvidx].dklen, outbuf); + if (err) + fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err)); + else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen)) + { + fail ("scrypt test %d failed: mismatch\n", tvidx); + fputs ("got:", stderr); + for (i=0; i < tv[tvidx].dklen; i++) + fprintf (stderr, " %02x", outbuf[i]); + putc ('\n', stderr); + } + } +} + + int main (int argc, char **argv) { - int debug = 0; - if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; else if (argc > 1 && !strcmp (argv[1], "--debug")) @@ -977,6 +1073,7 @@ main (int argc, char **argv) check_openpgp (); check_pbkdf2 (); + check_scrypt (); return error_count ? 1 : 0; } commit 855b1a8f81b5a3b5b31d0c3c303675425f58a5af Author: Christian Grothoff Date: Thu Apr 4 16:12:16 2013 +0200 Add the SCRYPT KDF function * scrypt.c, scrypt.h: New files. * memxor.c, memxor.h: New files. * cipher/Makefile.am: Add new files. * cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT. * src/gcrypt.h.in (GCRY_KDF_SCRYPT): New. -- Signed-off-by: Christian Grothoff I added the ChangeLog entry and the missing signed-off line. Signed-off-by: Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index fcb9be5..5b016f0 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -39,7 +39,7 @@ libcipher_la_LIBADD = $(GCRYPT_MODULES) libcipher_la_SOURCES = \ cipher.c cipher-internal.h \ cipher-cbc.c cipher-cfb.c cipher-ofb.c cipher-ctr.c cipher-aeswrap.c \ -pubkey.c md.c kdf.c \ +pubkey.c md.c kdf.c scrypt.c memxor.c \ hmac-tests.c \ bithelp.h \ bufhelp.h \ diff --git a/cipher/kdf.c b/cipher/kdf.c index 46e8550..4ea0fb2 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -26,6 +26,7 @@ #include "g10lib.h" #include "cipher.h" #include "ath.h" +#include "scrypt.h" /* Transform a passphrase into a suitable key of length KEYSIZE and @@ -267,6 +268,9 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, ec = pkdf2 (passphrase, passphraselen, subalgo, salt, saltlen, iterations, keysize, keybuffer); break; + case GCRY_KDF_SCRYPT: + ec = scrypt (passphrase, passphraselen, subalgo, + salt, saltlen, iterations, keysize, keybuffer); default: ec = GPG_ERR_UNKNOWN_ALGORITHM; diff --git a/cipher/memxor.c b/cipher/memxor.c new file mode 100644 index 0000000..74307f0 --- /dev/null +++ b/cipher/memxor.c @@ -0,0 +1,326 @@ +/* memxor.c + * + * + * This file is part of Libgcrypt. + * Adapted from the nettle, low-level cryptographics library for + * libgcrypt by Christian Grothoff; original license: + */ + +/* + * Copyright (C) 1991, 1993, 1995 Free Software Foundation, Inc. + * Copyright (C) 2010 Niels M?ller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +/* Implementation inspired by memcmp in glibc, contributed to the FSF + by Torbjorn Granlund. + */ + +#include +#include +#include +#include "memxor.h" + +typedef unsigned long int word_t; + +// FIXME: need configure test for this hack... +#define SIZEOF_LONG 8 + +#if SIZEOF_LONG & (SIZEOF_LONG - 1) +#error Word size must be a power of two +#endif + +#define ALIGN_OFFSET(p) ((uintptr_t) (p) % sizeof(word_t)) + +#ifndef WORDS_BIGENDIAN +#define MERGE(w0, sh_1, w1, sh_2) (((w0) >> (sh_1)) | ((w1) << (sh_2))) +#else +#define MERGE(w0, sh_1, w1, sh_2) (((w0) << (sh_1)) | ((w1) >> (sh_2))) +#endif + +#define WORD_T_THRESH 16 + +/* XOR word-aligned areas. n is the number of words, not bytes. */ +static void +memxor_common_alignment (word_t *dst, const word_t *src, size_t n) +{ + /* FIXME: Require n > 0? */ + /* FIXME: Unroll four times, like memcmp? Probably not worth the + effort. */ + + if (n & 1) + { + *dst++ ^= *src++; + n--; + } + for (; n >= 2; dst += 2, src += 2, n -= 2) + { + dst[0] ^= src[0]; + dst[1] ^= src[1]; + } +} + +/* XOR *un-aligned* src-area onto aligned dst area. n is number of + words, not bytes. Assumes we can read complete words at the start + and end of the src operand. */ +static void +memxor_different_alignment (word_t *dst, const uint8_t *src, size_t n) +{ + size_t i; + int shl, shr; + const word_t *src_word; + unsigned offset = ALIGN_OFFSET (src); + word_t s0, s1; + + shl = CHAR_BIT * offset; + shr = CHAR_BIT * (sizeof(word_t) - offset); + + src_word = (const word_t *) ((uintptr_t) src & -SIZEOF_LONG); + + /* FIXME: Unroll four times, like memcmp? */ + i = n & 1; + s0 = src_word[i]; + if (i) + { + s1 = src_word[0]; + dst[0] ^= MERGE (s1, shl, s0, shr); + } + + for (; i < n; i += 2) + { + s1 = src_word[i+1]; + dst[i] ^= MERGE(s0, shl, s1, shr); + s0 = src_word[i+2]; + dst[i+1] ^= MERGE(s1, shl, s0, shr); + } +} + +/* Performance, Intel SU1400 (x86_64): 0.25 cycles/byte aligned, 0.45 + cycles/byte unaligned. */ + +/* XOR LEN bytes starting at SRCADDR onto DESTADDR. Result undefined + if the source overlaps with the destination. Return DESTADDR. */ +uint8_t * +memxor(uint8_t *dst, const uint8_t *src, size_t n) +{ + uint8_t *orig_dst = dst; + + if (n >= WORD_T_THRESH) + { + /* There are at least some bytes to compare. No need to test + for N == 0 in this alignment loop. */ + while (ALIGN_OFFSET (dst)) + { + *dst++ ^= *src++; + n--; + } + if (ALIGN_OFFSET (src)) + memxor_different_alignment ((word_t *) dst, src, n / sizeof(word_t)); + else + memxor_common_alignment ((word_t *) dst, (const word_t *) src, n / sizeof(word_t)); + + dst += n & -SIZEOF_LONG; + src += n & -SIZEOF_LONG; + n = n & (SIZEOF_LONG - 1); + } + for (; n > 0; n--) + *dst++ ^= *src++; + + return orig_dst; +} + + +/* XOR word-aligned areas. n is the number of words, not bytes. */ +static void +memxor3_common_alignment (word_t *dst, + const word_t *a, const word_t *b, size_t n) +{ + /* FIXME: Require n > 0? */ + while (n-- > 0) + dst[n] = a[n] ^ b[n]; +} + +static void +memxor3_different_alignment_b (word_t *dst, + const word_t *a, const uint8_t *b, unsigned offset, size_t n) +{ + int shl, shr; + const word_t *b_word; + + word_t s0, s1; + + shl = CHAR_BIT * offset; + shr = CHAR_BIT * (sizeof(word_t) - offset); + + b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); + + if (n & 1) + { + n--; + s1 = b_word[n]; + s0 = b_word[n+1]; + dst[n] = a[n] ^ MERGE (s1, shl, s0, shr); + } + else + s1 = b_word[n]; + + while (n > 0) + { + n -= 2; + s0 = b_word[n+1]; + dst[n+1] = a[n+1] ^ MERGE(s0, shl, s1, shr); + s1 = b_word[n]; + dst[n] = a[n] ^ MERGE(s1, shl, s0, shr); + } +} + +static void +memxor3_different_alignment_ab (word_t *dst, + const uint8_t *a, const uint8_t *b, + unsigned offset, size_t n) +{ + int shl, shr; + const word_t *a_word; + const word_t *b_word; + + word_t s0, s1; + + shl = CHAR_BIT * offset; + shr = CHAR_BIT * (sizeof(word_t) - offset); + + a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG); + b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); + + if (n & 1) + { + n--; + s1 = a_word[n] ^ b_word[n]; + s0 = a_word[n+1] ^ b_word[n+1]; + dst[n] = MERGE (s1, shl, s0, shr); + } + else + s1 = a_word[n] ^ b_word[n]; + + while (n > 0) + { + n -= 2; + s0 = a_word[n+1] ^ b_word[n+1]; + dst[n+1] = MERGE(s0, shl, s1, shr); + s1 = a_word[n] ^ b_word[n]; + dst[n] = MERGE(s1, shl, s0, shr); + } +} + +static void +memxor3_different_alignment_all (word_t *dst, + const uint8_t *a, const uint8_t *b, + unsigned a_offset, unsigned b_offset, + size_t n) +{ + int al, ar, bl, br; + const word_t *a_word; + const word_t *b_word; + + word_t a0, a1, b0, b1; + + al = CHAR_BIT * a_offset; + ar = CHAR_BIT * (sizeof(word_t) - a_offset); + bl = CHAR_BIT * b_offset; + br = CHAR_BIT * (sizeof(word_t) - b_offset); + + a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG); + b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG); + + if (n & 1) + { + n--; + a1 = a_word[n]; a0 = a_word[n+1]; + b1 = b_word[n]; b0 = b_word[n+1]; + + dst[n] = MERGE (a1, al, a0, ar) ^ MERGE (b1, bl, b0, br); + } + else + { + a1 = a_word[n]; + b1 = b_word[n]; + } + + while (n > 0) + { + n -= 2; + a0 = a_word[n+1]; b0 = b_word[n+1]; + dst[n+1] = MERGE(a0, al, a1, ar) ^ MERGE(b0, bl, b1, br); + a1 = a_word[n]; b1 = b_word[n]; + dst[n] = MERGE(a1, al, a0, ar) ^ MERGE(b1, bl, b0, br); + } +} + +/* Current implementation processes data in descending order, to + support overlapping operation with one of the sources overlapping + the start of the destination area. This feature is used only + internally by cbc decrypt, and it is not advertised or documented + to nettle users. */ +uint8_t * +memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n) +{ + if (n >= WORD_T_THRESH) + { + unsigned i; + unsigned a_offset; + unsigned b_offset; + size_t nwords; + + for (i = ALIGN_OFFSET(dst + n); i > 0; i--) + { + n--; + dst[n] = a[n] ^ b[n]; + } + + a_offset = ALIGN_OFFSET(a + n); + b_offset = ALIGN_OFFSET(b + n); + + nwords = n / sizeof (word_t); + n %= sizeof (word_t); + + if (a_offset == b_offset) + { + if (!a_offset) + memxor3_common_alignment((word_t *) (dst + n), + (const word_t *) (a + n), + (const word_t *) (b + n), nwords); + else + memxor3_different_alignment_ab((word_t *) (dst + n), + a + n, b + n, a_offset, + nwords); + } + else if (!a_offset) + memxor3_different_alignment_b((word_t *) (dst + n), + (const word_t *) (a + n), b + n, + b_offset, nwords); + else if (!b_offset) + memxor3_different_alignment_b((word_t *) (dst + n), + (const word_t *) (b + n), a + n, + a_offset, nwords); + else + memxor3_different_alignment_all((word_t *) (dst + n), a + n, b + n, + a_offset, b_offset, nwords); + } + while (n-- > 0) + dst[n] = a[n] ^ b[n]; + + return dst; +} diff --git a/cipher/memxor.h b/cipher/memxor.h new file mode 100644 index 0000000..f308155 --- /dev/null +++ b/cipher/memxor.h @@ -0,0 +1,21 @@ +/* memxor.h + * + */ + +#ifndef MEMXOR_H_INCLUDED +#define MEMXOR_H_INCLUDED + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +uint8_t *memxor(uint8_t *dst, const uint8_t *src, size_t n); +uint8_t *memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n); + +#ifdef __cplusplus +} +#endif + +#endif /* MEMXOR_H_INCLUDED */ diff --git a/cipher/scrypt.c b/cipher/scrypt.c new file mode 100644 index 0000000..45ab4b3 --- /dev/null +++ b/cipher/scrypt.c @@ -0,0 +1,284 @@ +/* scrypt.c - Scrypt password-based key derivation function. + * + * This file is part of Libgcrypt. + */ + +/* Adapted from the nettle, low-level cryptographics library for + * libgcrypt by Christian Grothoff; original license: + * + * Copyright (C) 2012 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#include +#include +#include +#include + +#include "g10lib.h" +#include "scrypt.h" +#include "memxor.h" + + + +#define _SALSA20_INPUT_LENGTH 16 + +#define ROTL32(n,x) (((x)<<(n)) | ((x)>>(32-(n)))) + + +/* Reads a 64-bit integer, in network, big-endian, byte order */ +#define READ_UINT64(p) \ +( (((uint64_t) (p)[0]) << 56) \ + | (((uint64_t) (p)[1]) << 48) \ + | (((uint64_t) (p)[2]) << 40) \ + | (((uint64_t) (p)[3]) << 32) \ + | (((uint64_t) (p)[4]) << 24) \ + | (((uint64_t) (p)[5]) << 16) \ + | (((uint64_t) (p)[6]) << 8) \ + | ((uint64_t) (p)[7])) + + + +/* And the other, little-endian, byteorder */ +#define LE_READ_UINT64(p) \ +( (((uint64_t) (p)[7]) << 56) \ + | (((uint64_t) (p)[6]) << 48) \ + | (((uint64_t) (p)[5]) << 40) \ + | (((uint64_t) (p)[4]) << 32) \ + | (((uint64_t) (p)[3]) << 24) \ + | (((uint64_t) (p)[2]) << 16) \ + | (((uint64_t) (p)[1]) << 8) \ + | ((uint64_t) (p)[0])) + + + +#ifdef WORDS_BIGENDIAN +#define LE_SWAP32(v) \ + ((ROTL32(8, v) & 0x00FF00FFUL) | \ + (ROTL32(24, v) & 0xFF00FF00UL)) +#else +#define LE_SWAP32(v) (v) +#endif + +#define QROUND(x0, x1, x2, x3) do { \ + x1 ^= ROTL32(7, x0 + x3); \ + x2 ^= ROTL32(9, x1 + x0); \ + x3 ^= ROTL32(13, x2 + x1); \ + x0 ^= ROTL32(18, x3 + x2); \ + } while(0) + + +static void +_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds) +{ + uint32_t x[_SALSA20_INPUT_LENGTH]; + unsigned i; + + assert ( (rounds & 1) == 0); + + memcpy (x, src, sizeof(x)); + for (i = 0; i < rounds;i += 2) + { + QROUND(x[0], x[4], x[8], x[12]); + QROUND(x[5], x[9], x[13], x[1]); + QROUND(x[10], x[14], x[2], x[6]); + QROUND(x[15], x[3], x[7], x[11]); + + QROUND(x[0], x[1], x[2], x[3]); + QROUND(x[5], x[6], x[7], x[4]); + QROUND(x[10], x[11], x[8], x[9]); + QROUND(x[15], x[12], x[13], x[14]); + } + + for (i = 0; i < _SALSA20_INPUT_LENGTH; i++) + { + uint32_t t = x[i] + src[i]; + dst[i] = LE_SWAP32 (t); + } +} + + +static void +_scryptBlockMix (uint32_t r, uint8_t *B, uint8_t *tmp2) +{ + uint64_t i; + uint8_t *X = tmp2; + uint8_t *Y = tmp2 + 64; + +#if 0 + for (i = 0; i < 2 * r; i++) + { + size_t j; + printf ("B[%d]: ", i); + for (j = 0; j < 64; j++) + { + if (j % 4 == 0) + printf (" "); + printf ("%02x", B[i * 64 + j]); + } + printf ("\n"); + } +#endif + + /* X = B[2 * r - 1] */ + memcpy (X, &B[(2 * r - 1) * 64], 64); + + /* for i = 0 to 2 * r - 1 do */ + for (i = 0; i <= 2 * r - 1; i++) + { + /* T = X xor B[i] */ + memxor(X, &B[i * 64], 64); + + /* X = Salsa (T) */ + _salsa20_core (X, X, 8); + + /* Y[i] = X */ + memcpy (&Y[i * 64], X, 64); + } + + for (i = 0; i < r; i++) + { + memcpy (&B[i * 64], &Y[2 * i * 64], 64); + memcpy (&B[(r + i) * 64], &Y[(2 * i + 1) * 64], 64); + } + +#if 0 + for (i = 0; i < 2 * r; i++) + { + size_t j; + printf ("B'[%d]: ", i); + for (j = 0; j < 64; j++) + { + if (j % 4 == 0) + printf (" "); + printf ("%02x", B[i * 64 + j]); + } + printf ("\n"); + } +#endif +} + +static void +_scryptROMix (uint32_t r, uint8_t *B, uint64_t N, + uint8_t *tmp1, uint8_t *tmp2) +{ + uint8_t *X = B, *T = B; + uint64_t i; + +#if 0 + printf ("B: "); + for (i = 0; i < 128 * r; i++) + { + size_t j; + if (i % 4 == 0) + printf (" "); + printf ("%02x", B[i]); + } + printf ("\n"); +#endif + + /* for i = 0 to N - 1 do */ + for (i = 0; i <= N - 1; i++) + { + /* V[i] = X */ + memcpy (&tmp1[i * 128 * r], X, 128 * r); + + /* X = ScryptBlockMix (X) */ + _scryptBlockMix (r, X, tmp2); + } + + /* for i = 0 to N - 1 do */ + for (i = 0; i <= N - 1; i++) + { + uint64_t j; + + /* j = Integerify (X) mod N */ + j = LE_READ_UINT64 (&X[128 * r - 64]) % N; + + /* T = X xor V[j] */ + memxor (T, &tmp1[j * 128 * r], 128 * r); + + /* X = scryptBlockMix (T) */ + _scryptBlockMix (r, T, tmp2); + } + +#if 0 + printf ("B': "); + for (i = 0; i < 128 * r; i++) + { + size_t j; + if (i % 4 == 0) + printf (" "); + printf ("%02x", B[i]); + } + printf ("\n"); +#endif +} + +/** + */ +gcry_err_code_t +scrypt (const uint8_t * passwd, size_t passwdlen, + int subalgo, + const uint8_t * salt, size_t saltlen, + unsigned long iterations, + size_t dkLen, uint8_t * DK) +{ + /* XXX sanity-check parameters */ + uint64_t N = subalgo; /* CPU/memory cost paramter */ + uint32_t r = 8; /* block size, should be sane enough */ + uint32_t p = iterations; /* parallelization parameter */ + + uint32_t i; + uint8_t *B; + uint8_t *tmp1; + uint8_t *tmp2; + + + B = malloc (p * 128 * r); + if (B == NULL) + return GPG_ERR_ENOMEM; + + tmp1 = malloc (N * 128 * r); + if (tmp1 == NULL) + { + free (B); + return GPG_ERR_ENOMEM; + } + + tmp2 = malloc (64 + 128 * r); + if (tmp2 == NULL) + { + free (B); + free (tmp1); + return GPG_ERR_ENOMEM; + } + + pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, salt, saltlen, 1 /* iterations */, p * 128 * r, B); + + for (i = 0; i < p; i++) + _scryptROMix (r, &B[i * 128 * r], N, tmp1, tmp2); + + for (i = 0; i < p; i++) + pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * 128 * r, 1 /* iterations */, dkLen, DK); + + free (tmp2); + free (tmp1); + free (B); + + return 0; +} diff --git a/cipher/scrypt.h b/cipher/scrypt.h new file mode 100644 index 0000000..e0c8df9 --- /dev/null +++ b/cipher/scrypt.h @@ -0,0 +1,66 @@ +/* scrypt.h - Scrypt password-based key derivation function. + * + * This file is part of Libgcrypt. + */ + +/* Adapted from the nettle, low-level cryptographics library for + * libgcrypt by Christian Grothoff; original license: + * + * Copyright (C) 2012 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#ifndef SCRYPT_H_INCLUDED +#define SCRYPT_H_INCLUDED + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include +#include "g10lib.h" +#include "cipher.h" + + +/* Transform a passphrase into a suitable key of length KEYSIZE and + store this key in the caller provided buffer KEYBUFFER. The caller + must provide PRFALGO which indicates the pseudorandom function to + use: This shall be the algorithms id of a hash algorithm; it is + used in HMAC mode. SALT is a salt of length SALTLEN and ITERATIONS + gives the number of iterations; implemented in 'kdf.c', used by + scrypt.c */ +gpg_err_code_t +pkdf2 (const void *passphrase, size_t passphraselen, + int hashalgo, + const void *salt, size_t saltlen, + unsigned long iterations, + size_t keysize, void *keybuffer); + + +gcry_err_code_t +scrypt (const uint8_t * passwd, size_t passwdlen, + int subalgo, + const uint8_t * salt, size_t saltlen, + unsigned long iterations, + size_t dkLen, uint8_t * DK); + +#ifdef __cplusplus +} +#endif + +#endif /* SCRYPT_H_INCLUDED */ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index bef91f7..fe040f0 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3172,6 +3172,12 @@ iteration count. @item GCRY_KDF_PBKDF2 The PKCS#5 Passphrase Based Key Derivation Function number 2. + at item GCRY_KDF_SCRYPT +The SCRYPT Key Derivation Function. The subalgorithm is used to specify +the CPU/memory cost paramter N, and the number of iterations +is used for the parallelization parameter p. The block size is fixed +at 8 in the current implementation. + @end table @end deftypefun diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 8343799..dff0e0b 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1193,7 +1193,8 @@ enum gcry_kdf_algos GCRY_KDF_SALTED_S2K = 17, GCRY_KDF_ITERSALTED_S2K = 19, GCRY_KDF_PBKDF1 = 33, - GCRY_KDF_PBKDF2 = 34 + GCRY_KDF_PBKDF2 = 34, + GCRY_KDF_SCRYPT = 35 }; /* Derive a key from a passphrase. */ commit 02e8344d3803b80b74bc9b56d718304a6588bc14 Author: Werner Koch Date: Tue Mar 26 21:21:41 2013 +0100 Doc fix. -- diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index a6b585d..bef91f7 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2359,7 +2359,8 @@ S-expression returned is: Where @var{r-mpi} and @var{s-mpi} are the result of the DSA sign operation. For Elgamal signing (which is slow, yields large numbers and probably is not as secure as the other algorithms), the same format is -used with "elg" replacing "dsa". +used with "elg" replacing "dsa"; for ECDSA signing, the same format is used +with "ecdsa" replacing "dsa". @end deftypefun @c end gcry_pk_sign ----------------------------------------------------------------------- Summary of changes: NEWS | 3 + cipher/Makefile.am | 7 +- cipher/kdf-internal.h | 40 ++++++ cipher/kdf.c | 46 +++++-- cipher/scrypt.c | 346 +++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 43 ++++++- doc/gcrypt.texi | 9 +- src/gcrypt.h.in | 3 +- tests/t-kdf.c | 103 ++++++++++++++- 9 files changed, 579 insertions(+), 21 deletions(-) create mode 100644 cipher/kdf-internal.h create mode 100644 cipher/scrypt.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 5 18:45:44 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 05 Apr 2013 18:45:44 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-110-g56a1f60 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 56a1f6088fabfb0535da2b6a625a907b41b4c271 (commit) via fe91a642c7c257aca095b96406fbcace88fa3df4 (commit) from f23a068bcb6ec9788710698578d8be0a2a006dbc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 56a1f6088fabfb0535da2b6a625a907b41b4c271 Author: Werner Koch Date: Fri Apr 5 18:28:01 2013 +0200 Clarify DCO for Werner Koch -- All work on Libgcrypt done by Werner Koch is work made for hire by his company. Added as a mail style comment to the signed-off-by address. diff --git a/AUTHORS b/AUTHORS index 67c46d9..5c75b3c 100644 --- a/AUTHORS +++ b/AUTHORS @@ -125,7 +125,7 @@ Rafa?l Carr? Tom?? Mr?z 2012-04-16:1334571250.5056.52.camel at vespa.frost.loc: -Werner Koch +Werner Koch (g10 Code GmbH) 2012-12-05:87obi8u4h2.fsf at vigenere.g10code.de: commit fe91a642c7c257aca095b96406fbcace88fa3df4 Author: Werner Koch Date: Fri Apr 5 18:08:36 2013 +0200 Make the Q parameter optional for ECC signing. * cipher/ecc.c (ecc_sign): Remove the need for Q. * cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a private key. (sexp_to_key): Add optional arg R_IS_ECC. (gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys. * tests/pubkey.c (die): Make sure to print a LF. (check_ecc_sample_key): New. (main): Call new test. -- Q is the actual public key which is not used for signing. Thus we can make it optional and even speed up the signing by parsing less stuff. Note: There seems to be a memory leak somewhere. Running tests/pubkey with just the new test enabled shows it. Signed-off-by: Werner Koch diff --git a/cipher/ecc.c b/cipher/ecc.c index 8fcd57d..fbd8c6a 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1309,7 +1309,7 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) (void)algo; if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] - || !skey[5] || !skey[6] ) + || !skey[6] ) return GPG_ERR_BAD_MPI; sk.E.p = skey[0]; @@ -1323,14 +1323,7 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) return err; } sk.E.n = skey[4]; - point_init (&sk.Q); - err = os2ec (&sk.Q, skey[5]); - if (err) - { - point_free (&sk.E.G); - point_free (&sk.Q); - return err; - } + /* Note: We don't have any need for Q here. */ sk.d = skey[6]; resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p)); @@ -1343,7 +1336,6 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) resarr[0] = NULL; /* Mark array as released. */ } point_free (&sk.E.G); - point_free (&sk.Q); return err; } diff --git a/cipher/pubkey.c b/cipher/pubkey.c index c4be81c..cd07d17 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -1858,7 +1858,8 @@ sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names, of its intimate knowledge about the ECC parameters from ecc.c. */ static gcry_err_code_t sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, - gcry_mpi_t *elements, pk_extra_spec_t *extraspec) + gcry_mpi_t *elements, pk_extra_spec_t *extraspec, + int want_private) { gcry_err_code_t err = 0; @@ -1939,8 +1940,13 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, for (name = element_names, idx = 0; *name; name++, idx++) if (!elements[idx]) { - err = GPG_ERR_NO_OBJ; - goto leave; + if (want_private && *name == 'q') + ; /* Q is optional. */ + else + { + err = GPG_ERR_NO_OBJ; + goto leave; + } } leave: @@ -1994,7 +2000,7 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, */ static gcry_err_code_t sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, - gcry_mpi_t **retarray, gcry_module_t *retalgo) + gcry_mpi_t **retarray, gcry_module_t *retalgo, int *r_is_ecc) { gcry_err_code_t err = 0; gcry_sexp_t list, l2; @@ -2060,7 +2066,8 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, if (!err) { if (is_ecc) - err = sexp_elements_extract_ecc (list, elems, array, extraspec); + err = sexp_elements_extract_ecc (list, elems, array, extraspec, + want_private); else err = sexp_elements_extract (list, elems, array, pubkey->name); } @@ -2079,6 +2086,8 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, { *retarray = array; *retalgo = module; + if (r_is_ecc) + *r_is_ecc = is_ecc; } return err; @@ -2854,7 +2863,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) REGISTER_DEFAULT_PUBKEYS; /* Get the key. */ - rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module); + rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module, NULL); if (rc) goto leave; @@ -3027,7 +3036,7 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, NULL, &skey, &module_key); + rc = sexp_to_key (s_skey, 1, NULL, &skey, &module_key, NULL); if (rc) goto leave; @@ -3149,13 +3158,14 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) const char *algo_name, *algo_elems; struct pk_encoding_ctx ctx; int i; + int is_ecc; gcry_err_code_t rc; *r_sig = NULL; REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, NULL, &skey, &module); + rc = sexp_to_key (s_skey, 1, NULL, &skey, &module, &is_ecc); if (rc) goto leave; @@ -3168,8 +3178,10 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) algo_elems = pubkey->elements_sig; /* Get the stuff we want to sign. Note that pk_get_nbits does also - work on a private key. */ - init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, gcry_pk_get_nbits (s_skey)); + work on a private key. We don't need the number of bits for ECC + here, thus set it to 0 so that we don't need to parse it. */ + init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, + is_ecc? 0 : gcry_pk_get_nbits (s_skey)); rc = sexp_data_to_mpi (s_hash, &hash, &ctx); if (rc) goto leave; @@ -3287,7 +3299,7 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module_key); + rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module_key, NULL); if (rc) goto leave; @@ -3360,7 +3372,7 @@ gcry_pk_testkey (gcry_sexp_t s_key) REGISTER_DEFAULT_PUBKEYS; /* Note we currently support only secret key checking. */ - rc = sexp_to_key (s_key, 1, NULL, &key, &module); + rc = sexp_to_key (s_key, 1, NULL, &key, &module, NULL); if (! rc) { rc = pubkey_check_secret_key (module->mod_id, key); @@ -3689,9 +3701,13 @@ gcry_pk_get_nbits (gcry_sexp_t key) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (key, 0, NULL, &keyarr, &module); + /* FIXME: Parsing KEY is often too much overhead. For example for + ECC we would only need to look at P and stop parsing right + away. */ + + rc = sexp_to_key (key, 0, NULL, &keyarr, &module, NULL); if (rc == GPG_ERR_INV_OBJ) - rc = sexp_to_key (key, 1, NULL, &keyarr, &module); + rc = sexp_to_key (key, 1, NULL, &keyarr, &module, NULL); if (rc) return 0; /* Error - 0 is a suitable indication for that. */ @@ -3862,7 +3878,7 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) /* Get the key. We pass the names of the parameters for override_elems; this allows to call this function without the actual public key parameter. */ - if (sexp_to_key (key, want_private, "pabgn", &pkey, &module)) + if (sexp_to_key (key, want_private, "pabgn", &pkey, &module, NULL)) goto leave; } else diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 8f277c2..888a740 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2108,7 +2108,8 @@ used. For example (d @var{d-mpi}))) @end example -The @code{curve} parameter may be given in any case and is used to replace +Note that @var{q-point} is optional for a private key. The + at code{curve} parameter may be given in any case and is used to replace missing parameters. @noindent diff --git a/tests/pubkey.c b/tests/pubkey.c index 92e5f5d..4534175 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -110,6 +110,8 @@ die (const char *format, ...) va_start( arg_ptr, format ) ; vfprintf (stderr, format, arg_ptr ); va_end(arg_ptr); + if (*format && format[strlen(format)-1] != '\n') + putc ('\n', stderr); exit (1); } @@ -856,6 +858,79 @@ check_x931_derived_key (int what) +static void +check_ecc_sample_key (void) +{ + static const char ecc_private_key[] = + "(private-key\n" + " (ecdsa\n" + " (curve \"NIST P-256\")\n" + " (q #04D4F6A6738D9B8D3A7075C1E4EE95015FC0C9B7E4272D2BEB6644D3609FC781" + "B71F9A8072F58CB66AE2F89BB12451873ABF7D91F9E1FBF96BF2F70E73AAC9A283#)\n" + " (d #5A1EF0035118F19F3110FB81813D3547BCE1E5BCE77D1F744715E1D5BBE70378#)" + "))"; + static const char ecc_private_key_wo_q[] = + "(private-key\n" + " (ecdsa\n" + " (curve \"NIST P-256\")\n" + " (d #5A1EF0035118F19F3110FB81813D3547BCE1E5BCE77D1F744715E1D5BBE70378#)" + "))"; + static const char ecc_public_key[] = + "(public-key\n" + " (ecdsa\n" + " (curve \"NIST P-256\")\n" + " (q #04D4F6A6738D9B8D3A7075C1E4EE95015FC0C9B7E4272D2BEB6644D3609FC781" + "B71F9A8072F58CB66AE2F89BB12451873ABF7D91F9E1FBF96BF2F70E73AAC9A283#)" + "))"; + static const char hash_string[] = + "(data (flags raw)\n" + " (value #00112233445566778899AABBCCDDEEFF" + /* */ "000102030405060708090A0B0C0D0E0F#))"; + + gpg_error_t err; + gcry_sexp_t key, hash, sig; + + if (verbose) + fprintf (stderr, "Checking sample ECC key.\n"); + + if ((err = gcry_sexp_new (&hash, hash_string, 0, 1))) + die ("line %d: %s", __LINE__, gpg_strerror (err)); + + if ((err = gcry_sexp_new (&key, ecc_private_key, 0, 1))) + die ("line %d: %s", __LINE__, gpg_strerror (err)); + + if ((err = gcry_pk_sign (&sig, hash, key))) + die ("gcry_pk_sign failed: %s", gpg_strerror (err)); + + gcry_sexp_release (key); + if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1))) + die ("line %d: %s", __LINE__, gpg_strerror (err)); + + if ((err = gcry_pk_verify (sig, hash, key))) + die ("gcry_pk_verify failed: %s", gpg_strerror (err)); + + /* Now try signing without the Q parameter. */ + + gcry_sexp_release (key); + if ((err = gcry_sexp_new (&key, ecc_private_key_wo_q, 0, 1))) + die ("line %d: %s", __LINE__, gpg_strerror (err)); + + gcry_sexp_release (sig); + if ((err = gcry_pk_sign (&sig, hash, key))) + die ("gcry_pk_sign without Q failed: %s", gpg_strerror (err)); + + gcry_sexp_release (key); + if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1))) + die ("line %d: %s", __LINE__, gpg_strerror (err)); + + if ((err = gcry_pk_verify (sig, hash, key))) + die ("gcry_pk_verify signed without Q failed: %s", gpg_strerror (err)); + + gcry_sexp_release (sig); + gcry_sexp_release (key); + gcry_sexp_release (hash); +} + int main (int argc, char **argv) @@ -886,5 +961,7 @@ main (int argc, char **argv) for (i=0; i < 4; i++) check_x931_derived_key (i); + check_ecc_sample_key (); + return 0; } ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- cipher/ecc.c | 12 +------- cipher/pubkey.c | 46 ++++++++++++++++++++++---------- doc/gcrypt.texi | 3 +- tests/pubkey.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 113 insertions(+), 27 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 11 20:47:31 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 11 Apr 2013 20:47:31 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-113-g1f3cfad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c (commit) via a4e1f6ae7ea7f140e36c331a362bc299dce08416 (commit) via 7524da2ba83d83a766c22d704006380c893e1c49 (commit) from 56a1f6088fabfb0535da2b6a625a907b41b4c271 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c Author: Werner Koch Date: Thu Apr 11 20:27:46 2013 +0200 Add gcry_pubkey_get_sexp. * src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New. (GCRY_PK_GET_SECKEY): New. (gcry_pubkey_get_sexp): New. * src/visibility.c (gcry_pubkey_get_sexp): New. * src/visibility.h (gcry_pubkey_get_sexp): Mark visible. * src/libgcrypt.def, src/libgcrypt.vers: Add new function. * cipher/pubkey-internal.h: New. * cipher/Makefile.am (libcipher_la_SOURCES): Add new file. * cipher/ecc.c: Include pubkey-internal.h (_gcry_pk_ecc_get_sexp): New. * cipher/pubkey.c: Include pubkey-internal.h and context.h. (_gcry_pubkey_get_sexp): New. * src/context.c (_gcry_ctx_find_pointer): New. * src/cipher-proto.h: Add _gcry_pubkey_get_sexp. * tests/t-mpi-point.c (print_sexp): New. (context_param, basic_ec_math_simplified): Add tests for the new function. * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11. (AH_BOTTOM) Add error codes from gpg-error 1.12 * src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL. * mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q. (_gcry_mpi_ec_get_point): Ditto. -- While checking the new code I figured that the auto-computation of Q must have led to a segv. It seems we had no test case for that. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 926e531..c4f89c1 100644 --- a/NEWS +++ b/NEWS @@ -2,7 +2,8 @@ Noteworthy changes in version 1.6.0 (unreleased) ------------------------------------------------ * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is - not anymore ABI compatible too previous versions. + not anymore ABI compatible to previous versions if they used the ac + interface. * Removed the module register subsystem. @@ -61,6 +62,7 @@ Noteworthy changes in version 1.6.0 (unreleased) GCRYMPI_FLAG_CONST NEW. GCRYPT_VERSION_NUMBER NEW. GCRY_KDF_SCRYPT NEW. + gcry_pubkey_get_sexp NEW. Noteworthy changes in version 1.5.0 (2011-06-29) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 5189794..396e5a2 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -40,7 +40,8 @@ libcipher_la_LIBADD = $(GCRYPT_MODULES) libcipher_la_SOURCES = \ cipher.c cipher-internal.h \ cipher-cbc.c cipher-cfb.c cipher-ofb.c cipher-ctr.c cipher-aeswrap.c \ -pubkey.c md.c \ +pubkey.c pubkey-internal.h \ +md.c \ kdf.c kdf-internal.h \ hmac-tests.c \ bithelp.h \ diff --git a/cipher/ecc.c b/cipher/ecc.c index fbd8c6a..34ed2c3 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -66,6 +66,7 @@ #include "cipher.h" #include "context.h" #include "ec-context.h" +#include "pubkey-internal.h" /* Definition of a curve. */ typedef struct @@ -1985,6 +1986,79 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, } +/* This is the wroker function for gcry_pubkey_get_sexp for ECC + algorithms. Note that the caller has already stored NULL at + R_SEXP. */ +gpg_err_code_t +_gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) +{ + gpg_err_code_t rc; + gcry_mpi_t mpi_G = NULL; + gcry_mpi_t mpi_Q = NULL; + + if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n) + return GPG_ERR_BAD_CRYPT_CTX; + + if (mode == GCRY_PK_GET_SECKEY && !ec->d) + return GPG_ERR_NO_SECKEY; + + /* Compute the public point if it is missing. */ + if (!ec->Q && ec->d) + { + ec->Q = gcry_mpi_point_new (0); + _gcry_mpi_ec_mul_point (ec->Q, ec->d, ec->G, ec); + } + + /* Encode G and Q. */ + mpi_G = _gcry_mpi_ec_ec2os (ec->G, ec); + if (!mpi_G) + { + rc = GPG_ERR_BROKEN_PUBKEY; + goto leave; + } + if (!ec->Q) + { + rc = GPG_ERR_BAD_CRYPT_CTX; + goto leave; + } + mpi_Q = _gcry_mpi_ec_ec2os (ec->Q, ec); + if (!mpi_Q) + { + rc = GPG_ERR_BROKEN_PUBKEY; + goto leave; + } + + /* Fixme: We should return a curve name instead of the parameters if + if know that they match a curve. */ + + if (ec->d && (!mode || mode == GCRY_PK_GET_SECKEY)) + { + /* Let's return a private key. */ + rc = gpg_err_code + (gcry_sexp_build + (r_sexp, NULL, + "(private-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))", + ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q, ec->d)); + } + else if (ec->Q) + { + /* Let's return a public key. */ + rc = gpg_err_code + (gcry_sexp_build + (r_sexp, NULL, + "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))", + ec->p, ec->a, ec->b, mpi_G, ec->n, mpi_Q)); + } + else + rc = GPG_ERR_BAD_CRYPT_CTX; + + leave: + mpi_free (mpi_Q); + mpi_free (mpi_G); + return rc; +} + + /* Self-test section. diff --git a/src/context.h b/cipher/pubkey-internal.h similarity index 62% copy from src/context.h copy to cipher/pubkey-internal.h index 72f14d4..0ca17a5 100644 --- a/src/context.h +++ b/cipher/pubkey-internal.h @@ -1,5 +1,5 @@ -/* context.h - Declarations for the context management - * Copyright (C) 2013 g10 Code GmbH +/* pubkey-internal.h - Internal defs for pubkey.c + * Copyright (C) 2013 g10 code GmbH * * This file is part of Libgcrypt. * @@ -17,15 +17,13 @@ * License along with this program; if not, see . */ -#ifndef GCRY_CONTEXT_H -#define GCRY_CONTEXT_H +#ifndef GCRY_PUBKEY_INTERNAL_H +#define GCRY_PUBKEY_INTERNAL_H -/* Context types as used in struct gcry_context. */ -#define CONTEXT_TYPE_EC 1 /* The context is used with EC functions. */ +/*-- ecc.c --*/ +gpg_err_code_t _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, + mpi_ec_t ec); -gcry_ctx_t _gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*)); -void *_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type); - -#endif /*GCRY_CONTEXT_H*/ +#endif /*GCRY_PUBKEY_INTERNAL_H*/ diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 8b6356f..00317b5 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -1,6 +1,7 @@ /* pubkey.c - pubkey dispatcher * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005, * 2007, 2008, 2011 Free Software Foundation, Inc. + * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -28,6 +29,8 @@ #include "mpi.h" #include "cipher.h" #include "ath.h" +#include "context.h" +#include "pubkey-internal.h" static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result, @@ -4068,6 +4071,48 @@ gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) } +/* Return an S-expression representing the context CTX. Depending on + the state of that context, the S-expression may either be a public + key, a private key or any other object used with public key + operations. On success a new S-expression is stored at R_SEXP and + 0 is returned, on error NULL is store there and an error code is + returned. MODE is either 0 or one of the GCRY_PK_GET_xxx values. + + As of now it only support certain ECC operations because a context + object is right now only defined for ECC. Over time this function + will be extended to cover more algorithms. Note also that the name + of the function is gcry_pubkey_xxx and not gcry_pk_xxx. The idea + is that we will eventually provide variants of the existing + gcry_pk_xxx functions which will take a context parameter. */ +gcry_err_code_t +_gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx) +{ + mpi_ec_t ec; + + if (!r_sexp) + return GPG_ERR_INV_VALUE; + *r_sexp = NULL; + switch (mode) + { + case 0: + case GCRY_PK_GET_PUBKEY: + case GCRY_PK_GET_SECKEY: + break; + default: + return GPG_ERR_INV_VALUE; + } + if (!ctx) + return GPG_ERR_NO_CRYPT_CTX; + + ec = _gcry_ctx_find_pointer (ctx, CONTEXT_TYPE_EC); + if (ec) + return _gcry_pk_ecc_get_sexp (r_sexp, mode, ec); + + return GPG_ERR_WRONG_CRYPT_CTX; +} + + + /* Explicitly initialize this module. */ gcry_err_code_t _gcry_pk_init (void) diff --git a/configure.ac b/configure.ac index c597389..079951d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Configure.ac script for Libgcrypt # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006, # 2007, 2008, 2009, 2011 Free Software Foundation, Inc. -# Copyright (C) 2012 g10 Code GmbH +# Copyright (C) 2012, 2013 g10 Code GmbH # # This file is part of Libgcrypt. # @@ -65,7 +65,7 @@ LIBGCRYPT_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. LIBGCRYPT_CONFIG_API_VERSION=1 -NEED_GPG_ERROR_VERSION=1.8 +NEED_GPG_ERROR_VERSION=1.11 PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION @@ -105,10 +105,14 @@ AH_BOTTOM([ properly prefixed. */ #define CAMELLIA_EXT_SYM_PREFIX _gcry_ -/* This error code is only available with gpg-error 1.7. Thus - we define it here with the usual gcry prefix. */ -#define GCRY_GPG_ERR_NOT_OPERATIONAL 176 - +/* These error codes are used but not defined in the required + libgpg-error 1.11. Define them here. */ +#define GPG_ERR_NO_CRYPT_CTX 191 +#define GPG_ERR_WRONG_CRYPT_CTX 192 +#define GPG_ERR_BAD_CRYPT_CTX 193 +#define GPG_ERR_CRYPT_CTX_CONFLICT 194 +#define GPG_ERR_BROKEN_PUBKEY 195 +#define GPG_ERR_BROKEN_SECKEY 196 #endif /*_GCRYPT_CONFIG_H_INCLUDED*/ ]) diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 888a740..5d9bd2f 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2722,6 +2722,50 @@ algorithm provides them. @end deftypefun @c end gcry_pk_genkey + + at noindent +Future versions of Libgcrypt will have extended versions of the public +key interfaced which will take an additional context to allow for +pre-computations, special operations, and other optimization. As a +first step a new function is introduced to help using the ECC +algorithms in new ways: + + at deftypefun gcry_error_t gcry_pubkey_get_sexp (@w{gcry_sexp_t *@var{r_sexp}}, @ + w{int @var{mode}}, @w{gcry_ctx_t @var{ctx}}) + +Return an S-expression representing the context @var{ctx}. Depending +on the state of that context, the S-expression may either be a public +key, a private key or any other object used with public key +operations. On success 0 is returned and a new S-expression is stored +at @var{r_sexp}; on error an error code is returned and NULL is stored +at @var{r_sexp}. @var{mode} must be one of: + + at table @code + at item 0 +Decide what to return depending on the context. For example if the +private key parameter is available a private key is returned, if not a +public key is returned. + + at item GCRY_PK_GET_PUBKEY +Return the public key even if the context has the private key +parameter. + + at item GCRY_PK_GET_SECKEY +Return the private key or the error @code{GPG_ERR_NO_SECKEY} if it is +not possible. + at end table + +As of now this function supports only certain ECC operations because a +context object is right now only defined for ECC. Over time this +function will be extended to cover more algorithms. + + at end deftypefun + at c end gcry_pubkey_get_sexp + + + + + @c ********************************************************** @c ******************* Hash Functions ********************* @c ********************************************************** diff --git a/mpi/ec.c b/mpi/ec.c index cd19c81..c736706 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -546,7 +546,10 @@ _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy) { /* If only the private key is given, compute the public key. */ if (!ec->Q && ec->d && ec->G && ec->p && ec->a) - _gcry_mpi_ec_mul_point (ec->Q, ec->d, ec->G, ec); + { + ec->Q = gcry_mpi_point_new (0); + _gcry_mpi_ec_mul_point (ec->Q, ec->d, ec->G, ec); + } if (ec->Q) return _gcry_mpi_ec_ec2os (ec->Q, ec); @@ -569,7 +572,10 @@ _gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy) { /* If only the private key is given, compute the public key. */ if (!ec->Q && ec->d && ec->G && ec->p && ec->a) - _gcry_mpi_ec_mul_point (ec->Q, ec->d, ec->G, ec); + { + ec->Q = gcry_mpi_point_new (0); + _gcry_mpi_ec_mul_point (ec->Q, ec->d, ec->G, ec); + } if (ec->Q) return point_copy (ec->Q); diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 347681f..e2f913d 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -121,4 +121,10 @@ gcry_error_t _gcry_hmac_selftest (int algo, int extended, gcry_error_t _gcry_random_selftest (selftest_report_func_t report); + +/*-- pubkey.c --*/ +gcry_err_code_t _gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, + int reserved, gcry_ctx_t ctx); + + #endif /*G10_CIPHER_PROTO_H*/ diff --git a/src/context.c b/src/context.c index 2c02c9c..1b8090d 100644 --- a/src/context.c +++ b/src/context.c @@ -94,6 +94,25 @@ _gcry_ctx_get_pointer (gcry_ctx_t ctx, int type) return &ctx->u; } +/* Return a pointer to the private part of the context CTX. TYPE is + the requested context type. Using an explicit type allows to cross + check the type and eventually allows to store several private + contexts in one context object. In contrast to + _gcry_ctx_get_pointer, this function returns NULL if no context for + the given type was found. If CTX is NULL the function does not + abort but returns NULL. */ +void * +_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type) +{ + if (!ctx) + return NULL; + if (memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN)) + log_fatal ("bad pointer %p passed to _gcry_ctx_get_pointer\n", ctx); + if (ctx->type != type) + return NULL; + return &ctx->u; +} + /* Release the generic context CTX. */ void diff --git a/src/context.h b/src/context.h index 72f14d4..875de24 100644 --- a/src/context.h +++ b/src/context.h @@ -26,6 +26,7 @@ gcry_ctx_t _gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*)); void *_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type); +void *_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type); #endif /*GCRY_CONTEXT_H*/ diff --git a/src/g10lib.h b/src/g10lib.h index d1bcfa9..23ea096 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -394,7 +394,7 @@ void _gcry_fips_signal_error (const char *srcfile, int _gcry_fips_is_operational (void); #define fips_is_operational() (_gcry_global_is_operational ()) -#define fips_not_operational() (GCRY_GPG_ERR_NOT_OPERATIONAL) +#define fips_not_operational() (GPG_ERR_NOT_OPERATIONAL) int _gcry_fips_test_operational (void); int _gcry_fips_test_error_or_operational (void); diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 72fb6d3..85213ea 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -944,6 +944,10 @@ enum gcry_pk_algos #define GCRY_PK_USAGE_AUTH 8 /* Good for authentication. */ #define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */ +/* Modes used with gcry_pubkey_get_sexp. */ +#define GCRY_PK_GET_PUBKEY 1 +#define GCRY_PK_GET_SECKEY 2 + /* Encrypt the DATA using the public key PKEY and store the result as a newly created S-expression at RESULT. */ gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result, @@ -1007,6 +1011,9 @@ gcry_sexp_t gcry_pk_get_param (int algo, const char *name); #define gcry_pk_test_algo(a) \ gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) +/* Return an S-expression representing the context CTX. */ +gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, + int mode, gcry_ctx_t ctx); diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 061c7e3..4da4623 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -232,3 +232,5 @@ EXPORTS gcry_mpi_ec_dup @209 gcry_mpi_ec_add @210 gcry_mpi_ec_mul @211 + + gcry_pubkey_get_sexp @212 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 65959d3..29e46db 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -58,6 +58,8 @@ GCRYPT_1.6 { gcry_pk_testkey; gcry_pk_verify; gcry_pk_get_curve; gcry_pk_get_param; + gcry_pubkey_get_sexp; + gcry_kdf_derive; gcry_prime_check; gcry_prime_generate; diff --git a/src/visibility.c b/src/visibility.c index ed68b86..b503be6 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -862,6 +862,17 @@ gcry_pk_get_param (int algo, const char *name) } gcry_error_t +gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx) +{ + if (!fips_is_operational ()) + { + *r_sexp = NULL; + return gpg_error (fips_not_operational ()); + } + return gpg_error (_gcry_pubkey_get_sexp (r_sexp, mode, ctx)); +} + +gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { if (!fips_is_operational ()) diff --git a/src/visibility.h b/src/visibility.h index 031537a..1564e86 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -494,6 +494,7 @@ MARK_VISIBLE (gcry_pk_map_name) MARK_VISIBLE (gcry_pk_sign) MARK_VISIBLE (gcry_pk_testkey) MARK_VISIBLE (gcry_pk_verify) +MARK_VISIBLEX(gcry_pubkey_get_sexp) MARK_VISIBLE (gcry_kdf_derive) diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index a3b6c56..9f7360e 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -216,6 +216,23 @@ print_point (const char *text, gcry_mpi_point_t a) } +static void +print_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + + if (prefix) + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = gcry_xmalloc (size); + + gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); + fprintf (stderr, "%.*s", (int)size, buf); + gcry_free (buf); +} + + static gcry_mpi_t hex2mpi (const char *string) { @@ -500,9 +517,34 @@ context_param (void) gpg_strerror (err)); else { + gcry_sexp_t sexp; + get_and_cmp_mpi ("q", sample_p256_q, "NIST P-256", ctx); get_and_cmp_point ("q", sample_p256_q_x, sample_p256_q_y, "NIST P-256", ctx); + + err = gcry_pubkey_get_sexp (&sexp, 0, ctx); + if (err) + fail ("gcry_pubkey_get_sexp(0) failed: %s\n", gpg_strerror (err)); + else if (debug) + print_sexp ("Result of gcry_pubkey_get_sexp (0):\n", sexp); + gcry_sexp_release (sexp); + + err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_PUBKEY, ctx); + if (err) + fail ("gcry_pubkey_get_sexp(GET_PUBKEY) failed: %s\n", + gpg_strerror (err)); + else if (debug) + print_sexp ("Result of gcry_pubkey_get_sexp (GET_PUBKEY):\n", sexp); + gcry_sexp_release (sexp); + + err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_SECKEY, ctx); + if (gpg_err_code (err) != GPG_ERR_NO_SECKEY) + fail ("gcry_pubkey_get_sexp(GET_SECKEY) returned wrong error: %s\n", + gpg_strerror (err)); + gcry_sexp_release (sexp); + + gcry_ctx_release (ctx); } gcry_sexp_release (keyparam); @@ -537,7 +579,7 @@ basic_ec_math (void) gcry_mpi_t d; gcry_mpi_t x, y, z; - wherestr = "set_get_point"; + wherestr = "basic_ec_math"; show ("checking basic math functions for EC\n"); P = hex2mpi ("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); @@ -600,8 +642,9 @@ basic_ec_math_simplified (void) gcry_mpi_point_t G, Q; gcry_mpi_t d; gcry_mpi_t x, y, z; + gcry_sexp_t sexp; - wherestr = "set_get_point"; + wherestr = "basic_ec_math_simplified"; show ("checking basic math functions for EC (variant)\n"); d = hex2mpi ("D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D"); @@ -644,6 +687,63 @@ basic_ec_math_simplified (void) gcry_mpi_release (z); gcry_mpi_release (y); gcry_mpi_release (x); + + /* Let us also check wheer we can update the context. */ + err = gcry_mpi_ec_set_point ("g", G, ctx); + if (err) + die ("gcry_mpi_ec_set_point(G) failed\n"); + err = gcry_mpi_ec_set_mpi ("d", d, ctx); + if (err) + die ("gcry_mpi_ec_set_mpi(d) failed\n"); + + /* FIXME: Below we need to check that the returned S-expression is + as requested. For now we use manual inspection using --debug. */ + + /* Does get_sexp return the private key? */ + err = gcry_pubkey_get_sexp (&sexp, 0, ctx); + if (err) + fail ("gcry_pubkey_get_sexp(0) failed: %s\n", gpg_strerror (err)); + else if (verbose) + print_sexp ("Result of gcry_pubkey_get_sexp (0):\n", sexp); + gcry_sexp_release (sexp); + + /* Does get_sexp return the public key if requested? */ + err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_PUBKEY, ctx); + if (err) + fail ("gcry_pubkey_get_sexp(GET_PUBKEY) failed: %s\n", gpg_strerror (err)); + else if (verbose) + print_sexp ("Result of gcry_pubkey_get_sexp (GET_PUBKEY):\n", sexp); + gcry_sexp_release (sexp); + + /* Does get_sexp return the public key if after d has been deleted? */ + err = gcry_mpi_ec_set_mpi ("d", NULL, ctx); + if (err) + die ("gcry_mpi_ec_set_mpi(d=NULL) failed\n"); + err = gcry_pubkey_get_sexp (&sexp, 0, ctx); + if (err) + fail ("gcry_pubkey_get_sexp(0 w/o d) failed: %s\n", gpg_strerror (err)); + else if (verbose) + print_sexp ("Result of gcry_pubkey_get_sexp (0 w/o d):\n", sexp); + gcry_sexp_release (sexp); + + /* Does get_sexp return an error after d has been deleted? */ + err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_SECKEY, ctx); + if (gpg_err_code (err) != GPG_ERR_NO_SECKEY) + fail ("gcry_pubkey_get_sexp(GET_SECKEY) returned wrong error: %s\n", + gpg_strerror (err)); + gcry_sexp_release (sexp); + + /* Does get_sexp return an error after d and Q have been deleted? */ + err = gcry_mpi_ec_set_point ("q", NULL, ctx); + if (err) + die ("gcry_mpi_ec_set_point(q=NULL) failed\n"); + err = gcry_pubkey_get_sexp (&sexp, 0, ctx); + if (gpg_err_code (err) != GPG_ERR_BAD_CRYPT_CTX) + fail ("gcry_pubkey_get_sexp(0 w/o Q,d) returned wrong error: %s\n", + gpg_strerror (err)); + gcry_sexp_release (sexp); + + gcry_mpi_point_release (Q); gcry_mpi_release (d); gcry_mpi_point_release (G); commit a4e1f6ae7ea7f140e36c331a362bc299dce08416 Author: Werner Koch Date: Thu Apr 11 10:43:05 2013 +0200 Remove obsolete warning note from gcry_pk_keygrip. -- The keygrip is for a long time now a standard feature of libgcrypt. The existance of the warning comment in gcrypt.h was an oversight. Signed-off-by: Werner Koch diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 3b37e19..72fb6d3 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -991,8 +991,8 @@ int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE; public or private KEY. */ unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE; -/* Please note that keygrip is still experimental and should not be - used without contacting the author. */ +/* Return the so called KEYGRIP which is the SHA-1 hash of the public + key parameters expressed in a way depending on the algorithm. */ unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array); /* Return the name of the curve matching KEY. */ commit 7524da2ba83d83a766c22d704006380c893e1c49 Author: Werner Koch Date: Thu Apr 11 10:38:22 2013 +0200 Remove unused code. * cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release) (_gcry_pk_get_elements): Remove. -- This code was only used by the removed ac interface. Signed-off-by: Werner Koch diff --git a/cipher/pubkey.c b/cipher/pubkey.c index cd07d17..8b6356f 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -4084,35 +4084,6 @@ _gcry_pk_init (void) } -gcry_err_code_t -_gcry_pk_module_lookup (int algorithm, gcry_module_t *module) -{ - gcry_err_code_t err = GPG_ERR_NO_ERROR; - gcry_module_t pubkey; - - REGISTER_DEFAULT_PUBKEYS; - - ath_mutex_lock (&pubkeys_registered_lock); - pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); - if (pubkey) - *module = pubkey; - else - err = GPG_ERR_PUBKEY_ALGO; - ath_mutex_unlock (&pubkeys_registered_lock); - - return err; -} - - -void -_gcry_pk_module_release (gcry_module_t module) -{ - ath_mutex_lock (&pubkeys_registered_lock); - _gcry_module_release (module); - ath_mutex_unlock (&pubkeys_registered_lock); -} - - /* Run the selftests for pubkey algorithm ALGO with optional reporting function REPORT. */ gpg_error_t @@ -4149,66 +4120,3 @@ _gcry_pk_selftest (int algo, int extended, selftest_report_func_t report) } return gpg_error (ec); } - - -/* This function is only used by ac.c! */ -gcry_err_code_t -_gcry_pk_get_elements (int algo, char **enc, char **sig) -{ - gcry_module_t pubkey; - gcry_pk_spec_t *spec; - gcry_err_code_t err; - char *enc_cp; - char *sig_cp; - - REGISTER_DEFAULT_PUBKEYS; - - enc_cp = NULL; - sig_cp = NULL; - spec = NULL; - - pubkey = _gcry_module_lookup_id (pubkeys_registered, algo); - if (! pubkey) - { - err = GPG_ERR_INTERNAL; - goto out; - } - spec = pubkey->spec; - - if (enc) - { - enc_cp = strdup (spec->elements_enc); - if (! enc_cp) - { - err = gpg_err_code_from_syserror (); - goto out; - } - } - - if (sig) - { - sig_cp = strdup (spec->elements_sig); - if (! sig_cp) - { - err = gpg_err_code_from_syserror (); - goto out; - } - } - - if (enc) - *enc = enc_cp; - if (sig) - *sig = sig_cp; - err = 0; - - out: - - _gcry_module_release (pubkey); - if (err) - { - free (enc_cp); - free (sig_cp); - } - - return err; -} diff --git a/src/g10lib.h b/src/g10lib.h index 3caa2be..d1bcfa9 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -350,10 +350,6 @@ gcry_err_code_t _gcry_pk_init (void); gcry_err_code_t _gcry_secmem_module_init (void); gcry_err_code_t _gcry_mpi_init (void); -gcry_err_code_t _gcry_pk_module_lookup (int id, gcry_module_t *module); -void _gcry_pk_module_release (gcry_module_t module); -gcry_err_code_t _gcry_pk_get_elements (int algo, char **enc, char **sig); - /* Memory management. */ #define GCRY_ALLOC_FLAG_SECURE (1 << 0) ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +- cipher/Makefile.am | 3 +- cipher/ecc.c | 74 ++++++++++++++ src/hwf-common.h => cipher/pubkey-internal.h | 15 ++- cipher/pubkey.c | 135 +++++++++----------------- configure.ac | 16 ++- doc/gcrypt.texi | 44 +++++++++ mpi/ec.c | 10 ++- src/cipher-proto.h | 6 + src/context.c | 19 ++++ src/context.h | 1 + src/g10lib.h | 6 +- src/gcrypt.h.in | 11 ++- src/libgcrypt.def | 2 + src/libgcrypt.vers | 2 + src/visibility.c | 11 ++ src/visibility.h | 1 + tests/t-mpi-point.c | 104 +++++++++++++++++++- 18 files changed, 348 insertions(+), 116 deletions(-) copy src/hwf-common.h => cipher/pubkey-internal.h (68%) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 12 18:37:19 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Apr 2013 18:37:19 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-114-gaf8a79a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via af8a79aea80217a0c85a592db1fa001792a6bf0f (commit) from 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit af8a79aea80217a0c85a592db1fa001792a6bf0f Author: Werner Koch Date: Fri Apr 12 00:16:24 2013 +0200 Add hack to allow using an "ecc" key for "ecdsa" or "ecdh". * cipher/pubkey.c (sexp_to_key): Add optional arg USE. (gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign. (gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt. * tests/basic.c (show_sexp): New. (check_pubkey_sign): Print test number and add cases for ecc. (check_pubkey_sign_ecdsa): New. (do_check_one_pubkey): Divert to new function. -- The problem we try to address is that in the mdoule specs both, ECDSA and ECDH have the same alias name "ecc". This patch allows to use for example gcry_pk_verify with a key that has only "ecc" in it. Signed-off-by: Werner Koch diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 00317b5..378e072 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -2002,7 +2002,8 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, * The are expected to be in GCRYMPI_FMT_USG */ static gcry_err_code_t -sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, +sexp_to_key (gcry_sexp_t sexp, int want_private, int use, + const char *override_elems, gcry_mpi_t **retarray, gcry_module_t *retalgo, int *r_is_ecc) { gcry_err_code_t err = 0; @@ -2031,19 +2032,31 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, return GPG_ERR_INV_OBJ; /* Invalid structure of object. */ } - ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name); - ath_mutex_unlock (&pubkeys_registered_lock); - /* Fixme: We should make sure that an ECC key is always named "ecc" and not "ecdsa". "ecdsa" should be used for the signature itself. We need a function to test whether an algorithm given with a key is compatible with an application of the key (signing, encryption). For RSA this is easy, but ECC is the first - algorithm which has many flavours. */ - is_ecc = ( !strcmp (name, "ecdsa") - || !strcmp (name, "ecdh") - || !strcmp (name, "ecc") ); + algorithm which has many flavours. + + We use an ugly hack here to decide whether to use ecdsa or ecdh. + */ + if (!strcmp (name, "ecc")) + is_ecc = 2; + else if (!strcmp (name, "ecdsa") || !strcmp (name, "ecdh")) + is_ecc = 1; + else + is_ecc = 0; + + ath_mutex_lock (&pubkeys_registered_lock); + if (is_ecc == 2 && (use & GCRY_PK_USAGE_SIGN)) + module = gcry_pk_lookup_name ("ecdsa"); + else if (is_ecc == 2 && (use & GCRY_PK_USAGE_ENCR)) + module = gcry_pk_lookup_name ("ecdh"); + else + module = gcry_pk_lookup_name (name); + ath_mutex_unlock (&pubkeys_registered_lock); + gcry_free (name); if (!module) @@ -2866,7 +2879,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) REGISTER_DEFAULT_PUBKEYS; /* Get the key. */ - rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module, NULL); + rc = sexp_to_key (s_pkey, 0, GCRY_PK_USAGE_ENCR, NULL, &pkey, &module, NULL); if (rc) goto leave; @@ -3039,7 +3052,8 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, NULL, &skey, &module_key, NULL); + rc = sexp_to_key (s_skey, 1, GCRY_PK_USAGE_ENCR, NULL, + &skey, &module_key, NULL); if (rc) goto leave; @@ -3168,7 +3182,8 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, NULL, &skey, &module, &is_ecc); + rc = sexp_to_key (s_skey, 1, GCRY_PK_USAGE_SIGN, NULL, + &skey, &module, &is_ecc); if (rc) goto leave; @@ -3302,7 +3317,8 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module_key, NULL); + rc = sexp_to_key (s_pkey, 0, GCRY_PK_USAGE_SIGN, NULL, + &pkey, &module_key, NULL); if (rc) goto leave; @@ -3375,7 +3391,7 @@ gcry_pk_testkey (gcry_sexp_t s_key) REGISTER_DEFAULT_PUBKEYS; /* Note we currently support only secret key checking. */ - rc = sexp_to_key (s_key, 1, NULL, &key, &module, NULL); + rc = sexp_to_key (s_key, 1, 0, NULL, &key, &module, NULL); if (! rc) { rc = pubkey_check_secret_key (module->mod_id, key); @@ -3708,9 +3724,9 @@ gcry_pk_get_nbits (gcry_sexp_t key) ECC we would only need to look at P and stop parsing right away. */ - rc = sexp_to_key (key, 0, NULL, &keyarr, &module, NULL); + rc = sexp_to_key (key, 0, 0, NULL, &keyarr, &module, NULL); if (rc == GPG_ERR_INV_OBJ) - rc = sexp_to_key (key, 1, NULL, &keyarr, &module, NULL); + rc = sexp_to_key (key, 1, 0, NULL, &keyarr, &module, NULL); if (rc) return 0; /* Error - 0 is a suitable indication for that. */ @@ -3881,7 +3897,7 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) /* Get the key. We pass the names of the parameters for override_elems; this allows to call this function without the actual public key parameter. */ - if (sexp_to_key (key, want_private, "pabgn", &pkey, &module, NULL)) + if (sexp_to_key (key, want_private, 0, "pabgn", &pkey, &module, NULL)) goto leave; } else diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 5d9bd2f..cace087 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2731,7 +2731,7 @@ first step a new function is introduced to help using the ECC algorithms in new ways: @deftypefun gcry_error_t gcry_pubkey_get_sexp (@w{gcry_sexp_t *@var{r_sexp}}, @ - w{int @var{mode}}, @w{gcry_ctx_t @var{ctx}}) + @w{int @var{mode}}, @w{gcry_ctx_t @var{ctx}}) Return an S-expression representing the context @var{ctx}. Depending on the state of that context, the S-expression may either be a public diff --git a/tests/basic.c b/tests/basic.c index 656d76c..c92750c 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -99,6 +99,24 @@ die (const char *format, ...) exit (1); } + +static void +show_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + + if (prefix) + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = gcry_xmalloc (size); + + gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); + fprintf (stderr, "%.*s", (int)size, buf); + gcry_free (buf); +} + + #define MAX_DATA_LEN 100 void @@ -2348,8 +2366,8 @@ check_hmac (void) } /* Check that the signature SIG matches the hash HASH. PKEY is the - public key used for the verification. BADHASH is a hasvalue which - should; result in a bad signature status. */ + public key used for the verification. BADHASH is a hash value which + should result in a bad signature status. */ static void verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash, gcry_sexp_t badhash, gcry_sexp_t sig) @@ -2436,8 +2454,6 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) { NULL } }; - (void)n; - rc = gcry_sexp_sscan (&badhash, NULL, baddata, strlen (baddata)); if (rc) die ("converting data failed: %s\n", gpg_strerror (rc)); @@ -2448,7 +2464,7 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) continue; if (verbose) - fprintf (stderr, " signature test %d\n", dataidx); + fprintf (stderr, " test %d, signature test %d\n", n, dataidx); rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data, strlen (datas[dataidx].data)); @@ -2471,6 +2487,86 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) gcry_sexp_release (badhash); } + +/* Test the public key sign function using the private ket SKEY. PKEY + is used for verification. This variant is only used for ECDSA. */ +static void +check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey) +{ + gcry_error_t rc; + gcry_sexp_t sig, badhash, hash; + unsigned int nbits; + int dataidx; + static struct + { + unsigned int nbits; + const char *data; + int expected_rc; + const char *baddata; + int dummy; + } datas[] = + { + { 256, + "(data (flags raw)\n" + " (value #00112233445566778899AABBCCDDEEFF" + /* */ "000102030405060708090A0B0C0D0E0F#))", + 0, + "(data (flags raw)\n" + " (value #80112233445566778899AABBCCDDEEFF" + /* */ "000102030405060708090A0B0C0D0E0F#))", + 0 + }, + { 192, + "(data (flags raw)\n" + " (value #00112233445566778899AABBCCDDEEFF0001020304050607#))", + 0, + "(data (flags raw)\n" + " (value #80112233445566778899AABBCCDDEEFF0001020304050607#))", + 0 + }, + { 0, NULL } + }; + + nbits = gcry_pk_get_nbits (skey); + + for (dataidx = 0; datas[dataidx].data; dataidx++) + { + if (datas[dataidx].nbits != nbits) + continue; + + if (verbose) + fprintf (stderr, " test %d, signature test %d (%u bit ecdsa)\n", + n, dataidx, nbits); + + rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data, + strlen (datas[dataidx].data)); + if (rc) + die ("converting data failed: %s\n", gpg_strerror (rc)); + rc = gcry_sexp_sscan (&badhash, NULL, datas[dataidx].baddata, + strlen (datas[dataidx].baddata)); + if (rc) + die ("converting data failed: %s\n", gpg_strerror (rc)); + + rc = gcry_pk_sign (&sig, hash, skey); + if (gcry_err_code (rc) != datas[dataidx].expected_rc) + fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc)); + + if (!rc && verbose > 1) + show_sexp ("ECDSA signature:\n", sig); + + if (!rc) + verify_one_signature (pkey, hash, badhash, sig); + + gcry_sexp_release (sig); + sig = NULL; + gcry_sexp_release (badhash); + badhash = NULL; + gcry_sexp_release (hash); + hash = NULL; + } +} + + static void check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) { @@ -2699,7 +2795,12 @@ do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey, const unsigned char *grip, int algo, int flags) { if (flags & FLAG_SIGN) - check_pubkey_sign (n, skey, pkey, algo); + { + if (algo == GCRY_PK_ECDSA) + check_pubkey_sign_ecdsa (n, skey, pkey); + else + check_pubkey_sign (n, skey, pkey, algo); + } if (flags & FLAG_CRYPT) check_pubkey_crypt (n, skey, pkey, algo); if (grip && (flags & FLAG_GRIP)) @@ -2775,112 +2876,227 @@ check_one_pubkey_new (int n) static void check_pubkey (void) { - test_spec_pubkey_t pubkeys[] = + test_spec_pubkey_t pubkeys[] = { + { + GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN, { - { - GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN, - - { "(private-key\n" - " (rsa\n" - " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" - " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" - " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" - " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" - " (e #010001#)\n" - " (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" - " 7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" - " C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" - " C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" - " (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" - " fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n" - " (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" - " 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n" - " (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" - " ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))\n", - - "(public-key\n" - " (rsa\n" - " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" - " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" - " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" - " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" - " (e #010001#)))\n", - - "\x32\x10\x0c\x27\x17\x3e\xf6\xe9\xc4\xe9" - "\xa2\x5d\x3d\x69\xf8\x6d\x37\xa4\xf9\x39"} - }, - { - GCRY_PK_DSA, FLAG_SIGN, - - { "(private-key\n" - " (DSA\n" - " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" - " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" - " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" - " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" - " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" - " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" - " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" - " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" - " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" - " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" - " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" - " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" - " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)\n" - " (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))\n", - - "(public-key\n" - " (DSA\n" - " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" - " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" - " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" - " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" - " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" - " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" - " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" - " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" - " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" - " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" - " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" - " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" - " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))\n", - - "\xc6\x39\x83\x1a\x43\xe5\x05\x5d\xc6\xd8" - "\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" } - }, - { - GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT, - - { "(private-key\n" - " (ELG\n" - " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" - " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" - " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" - " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" - " (g #05#)\n" - " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" - " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" - " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" - " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)\n" - " (x #03C28900087B38DABF4A0AB98ACEA39BB674D6557096C01D72E31C16BDD32214#)))\n", - - "(public-key\n" - " (ELG\n" - " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" - " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" - " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" - " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" - " (g #05#)\n" - " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" - " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" - " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" - " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)))\n", - - "\xa7\x99\x61\xeb\x88\x83\xd2\xf4\x05\xc8" - "\x4f\xba\x06\xf8\x78\x09\xbc\x1e\x20\xe5" } - }, - }; + "(private-key\n" + " (rsa\n" + " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" + " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" + " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" + " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea2" + " 51#)\n" + " (e #010001#)\n" + " (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" + " 7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" + " C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" + " C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781" + " #)\n" + " (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" + " fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424" + " f1#)\n" + " (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" + " 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad3" + " 61#)\n" + " (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" + " ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b" + " #)))\n", + + "(public-key\n" + " (rsa\n" + " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" + " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" + " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" + " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea2" + " 51#)\n" + " (e #010001#)))\n", + + "\x32\x10\x0c\x27\x17\x3e\xf6\xe9\xc4\xe9" + "\xa2\x5d\x3d\x69\xf8\x6d\x37\xa4\xf9\x39"} + }, + { + GCRY_PK_DSA, FLAG_SIGN, + { + "(private-key\n" + " (DSA\n" + " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" + " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" + " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" + " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D877" + " 7B#)\n" + " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" + " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" + " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" + " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" + " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15" + " #)\n" + " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" + " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" + " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" + " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB" + " #)\n" + " (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))\n", + + "(public-key\n" + " (DSA\n" + " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" + " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" + " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" + " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D877" + " 7B#)\n" + " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" + " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" + " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" + " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" + " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15" + " #)\n" + " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" + " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" + " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" + " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB" + " #)))\n", + + "\xc6\x39\x83\x1a\x43\xe5\x05\x5d\xc6\xd8" + "\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" } + }, + { + GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT, + { + "(private-key\n" + " (ELG\n" + " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" + " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" + " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" + " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2" + " A7#)\n" + " (g #05#)\n" + " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" + " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" + " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" + " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4" + " #)\n" + " (x #03C28900087B38DABF4A0AB98ACEA39BB674D6557096C01D72E31C16BDD32214" + " #)))\n", + + "(public-key\n" + " (ELG\n" + " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" + " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" + " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" + " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2" + " A7#)\n" + " (g #05#)\n" + " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" + " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" + " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" + " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4" + " #)))\n", + + "\xa7\x99\x61\xeb\x88\x83\xd2\xf4\x05\xc8" + "\x4f\xba\x06\xf8\x78\x09\xbc\x1e\x20\xe5" } + }, + { /* ECDSA test. */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecdsa\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)\n" + " (d #00D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D#)))\n", + + "(public-key\n" + " (ecdsa\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)))\n", + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + }, + { /* ECDSA test with the public key algorithm given as "ecc". */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecdsa\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)\n" + " (d #00D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D#)))\n", + + "(public-key\n" + " (ecc\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)))\n", + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + }, + { /* ECDSA test with the private key algorithm given as "ecc". */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecc\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)\n" + " (d #00D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D#)))\n", + + "(public-key\n" + " (ecdsa\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)))\n", + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + }, + { /* ECDSA test with the key algorithms given as "ecc". */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecc\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)\n" + " (d #00D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D#)))\n", + + "(public-key\n" + " (ecc\n" + " (curve nistp192)\n" + " (q #048532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE" + " C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966#)))\n", + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + }, + { /* ECDSA test 256 bit. */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecc\n" + " (curve nistp256)\n" + " (q #04D4F6A6738D9B8D3A7075C1E4EE95015FC0C9B7E4272D2B" + " EB6644D3609FC781B71F9A8072F58CB66AE2F89BB1245187" + " 3ABF7D91F9E1FBF96BF2F70E73AAC9A283#)\n" + " (d #5A1EF0035118F19F3110FB81813D3547BCE1E5BCE77D1F74" + " 4715E1D5BBE70378#)))\n", + + "(public-key\n" + " (ecc\n" + " (curve nistp256)\n" + " (q #04D4F6A6738D9B8D3A7075C1E4EE95015FC0C9B7E4272D2B" + " EB6644D3609FC781B71F9A8072F58CB66AE2F89BB1245187" + " 3ABF7D91F9E1FBF96BF2F70E73AAC9A283#)))\n" + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + } + }; int i; + if (verbose) fprintf (stderr, "Starting public key checks.\n"); for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++) ----------------------------------------------------------------------- Summary of changes: cipher/pubkey.c | 50 ++++-- doc/gcrypt.texi | 2 +- tests/basic.c | 436 +++++++++++++++++++++++++++++++++++++++++-------------- 3 files changed, 360 insertions(+), 128 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 15 11:30:32 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 15 Apr 2013 11:30:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-115-g71b25a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 71b25a5562f68aad81eae52cc1bab9ca7731a7e9 (commit) from af8a79aea80217a0c85a592db1fa001792a6bf0f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 71b25a5562f68aad81eae52cc1bab9ca7731a7e9 Author: Werner Koch Date: Mon Apr 15 11:11:58 2013 +0200 Fix addition of EC points. * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine coordinates. -- This was a plain copy and paste error, which was found due to explicit use of affine coordinates by GNUnet's new pseudonyms code. Signed-off-by: Werner Koch diff --git a/mpi/ec.c b/mpi/ec.c index c736706..5d2f5c9 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -829,7 +829,7 @@ _gcry_mpi_ec_add_points (mpi_point_t result, ec_mulm (l1, l1, x1, ctx); } if (z1_is_one) - mpi_set (l2, x1); + mpi_set (l2, x2); else { ec_powm (l2, z1, mpi_const (MPI_C_TWO), ctx); ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 15 12:12:32 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 15 Apr 2013 12:12:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-116-gbd3afc2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via bd3afc27459a44df8cf501a7e1ae37bb849a8b0e (commit) from 71b25a5562f68aad81eae52cc1bab9ca7731a7e9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bd3afc27459a44df8cf501a7e1ae37bb849a8b0e Author: Werner Koch Date: Mon Apr 15 11:52:54 2013 +0200 Add macros to return pre-defined MPIs. * src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO) (GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New. (_gcry_mpi_get_const): New private function. * src/visibility.c (_gcry_mpi_get_const): New. * src/visibility.h: Mark it visible. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index c4f89c1..5dea552 100644 --- a/NEWS +++ b/NEWS @@ -60,6 +60,11 @@ Noteworthy changes in version 1.6.0 (unreleased) gcry_mpi_ec_mul NEW. GCRYMPI_FLAG_IMMUTABLE NEW. GCRYMPI_FLAG_CONST NEW. + GCRYMPI_CONST_ONE NEW. + GCRYMPI_CONST_TWO NEW. + GCRYMPI_CONST_THREE NEW. + GCRYMPI_CONST_FOUR NEW. + GCRYMPI_CONST_EIGHT NEW. GCRYPT_VERSION_NUMBER NEW. GCRY_KDF_SCRYPT NEW. gcry_pubkey_get_sexp NEW. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index cace087..d4c4194 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4054,6 +4054,11 @@ coordinate is not required, @code{NULL} may be passed to @var{x} or @var{y}. @var{ctx} is the context object which has been created using @code{gcry_mpi_ec_new}. Returns 0 on success or not 0 if @var{point} is at infinity. + +Note that you can use @code{gcry_mpi_ec_set_point} with the value + at code{GCRYMPI_CONST_ONE} for @var{z} to convert affine coordinates +back into projective coordinates. + @end deftypefun @deftypefun void gcry_mpi_ec_dup ( @ @@ -4127,7 +4132,11 @@ If this flag is set, the MPI is marked as a constant and as immutable Setting or changing the value of that MPI is ignored and an error message is logged. Such an MPI will never be deallocated and may thus be used without copying. Note that using gcry_mpi_copy will return a -copy of that constant with this and the immutable flag cleared. +copy of that constant with this and the immutable flag cleared. A few +commonly used constants are pre-defined and accessible using the +macros @code{GCRYMPI_CONST_ONE}, @code{GCRYMPI_CONST_TWO}, + at code{GCRYMPI_CONST_THREE}, @code{GCRYMPI_CONST_FOUR}, and + at code{GCRYMPI_CONST_EIGHT}. @end table @deftypefun void gcry_mpi_set_flag (@w{gcry_mpi_t @var{a}}, @ diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 85213ea..f472b02 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -467,6 +467,13 @@ enum gcry_mpi_flag }; +/* Macros to return pre-defined MPI constants. */ +#define GCRYMPI_CONST_ONE (_gcry_mpi_get_const (1)) +#define GCRYMPI_CONST_TWO (_gcry_mpi_get_const (2)) +#define GCRYMPI_CONST_THREE (_gcry_mpi_get_const (3)) +#define GCRYMPI_CONST_FOUR (_gcry_mpi_get_const (4)) +#define GCRYMPI_CONST_EIGHT (_gcry_mpi_get_const (8)) + /* Allocate a new big integer object, initialize it with 0 and initially allocate memory for a number of at least NBITS. */ gcry_mpi_t gcry_mpi_new (unsigned int nbits); @@ -692,6 +699,9 @@ void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); /* Return true when the FLAG is set for A. */ int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); +/* Private function - do not use. */ +gcry_mpi_t _gcry_mpi_get_const (int no); + /* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of convenience macros for the big integer functions. */ #ifndef GCRYPT_NO_MPI_MACROS diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 4da4623..9eaf8a7 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -234,3 +234,5 @@ EXPORTS gcry_mpi_ec_mul @211 gcry_pubkey_get_sexp @212 + + _gcry_mpi_get_const @213 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 29e46db..6aaf0f1 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -98,6 +98,8 @@ GCRYPT_1.6 { gcry_mpi_ec_get_affine; gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_mul; + _gcry_mpi_get_const; + gcry_ctx_release; local: diff --git a/src/visibility.c b/src/visibility.c index b503be6..c86d31b 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -601,6 +601,20 @@ gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) return _gcry_mpi_get_flag (a, flag); } +gcry_mpi_t +_gcry_mpi_get_const (int no) +{ + switch (no) + { + case 1: return _gcry_mpi_const (MPI_C_ONE); + case 2: return _gcry_mpi_const (MPI_C_TWO); + case 3: return _gcry_mpi_const (MPI_C_THREE); + case 4: return _gcry_mpi_const (MPI_C_FOUR); + case 8: return _gcry_mpi_const (MPI_C_EIGHT); + default: log_bug("unsupported GCRYMPI_CONST_ macro used\n"); + } +} + gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle, int algo, int mode, unsigned int flags) diff --git a/src/visibility.h b/src/visibility.h index 1564e86..6887f37 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -594,6 +594,10 @@ MARK_VISIBLE (gcry_mpi_test_bit) MARK_VISIBLE (gcry_ctx_release) +/* Functions used to implement macros. */ +MARK_VISIBLEX(_gcry_mpi_get_const) + + #undef MARK_VISIBLE #endif /*_GCRY_INCLUDED_BY_VISIBILITY_C*/ ----------------------------------------------------------------------- Summary of changes: NEWS | 5 +++++ doc/gcrypt.texi | 11 ++++++++++- src/gcrypt.h.in | 10 ++++++++++ src/libgcrypt.def | 2 ++ src/libgcrypt.vers | 2 ++ src/visibility.c | 14 ++++++++++++++ src/visibility.h | 4 ++++ 7 files changed, 47 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 15 12:21:49 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 15 Apr 2013 12:21:49 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.1-6-gc736245 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via c7362450c679736ceb82e95fac2e251972f3ea1e (commit) from 4f57ad0f8744263c917b3f16d84c2e5204893422 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c7362450c679736ceb82e95fac2e251972f3ea1e Author: Werner Koch Date: Mon Apr 15 11:11:58 2013 +0200 Fix addition of EC points. * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine coordinates. -- This was a plain copy and paste error, which was found due to explicit use of affine coordinates by GNUnet's new pseudonyms code. Signed-off-by: Werner Koch diff --git a/mpi/ec.c b/mpi/ec.c index e325358..ce86e09 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -522,7 +522,7 @@ _gcry_mpi_ec_add_points (mpi_point_t *result, ec_mulm (l1, l1, x1, ctx); } if (z1_is_one) - mpi_set (l2, x1); + mpi_set (l2, x2); else { ec_powm (l2, z1, ctx->two, ctx); ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 16 20:41:39 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 16 Apr 2013 20:41:39 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-117-g78cd0ba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 (commit) from bd3afc27459a44df8cf501a7e1ae37bb849a8b0e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 Author: Werner Koch Date: Tue Apr 16 18:59:22 2013 +0200 Fix multiply by zero in gcry_mpi_ec_mul. * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0. * tests/t-mpi-point.c (basic_ec_math): Add a test case for this. Signed-off-by: Werner Koch diff --git a/mpi/ec.c b/mpi/ec.c index 5d2f5c9..8fb47a3 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -977,10 +977,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_mul (h, k, mpi_const (MPI_C_THREE)); /* h = 3k */ loops = mpi_get_nbits (h); - - mpi_set (result->x, point->x); - mpi_set (result->y, yy); mpi_free (yy); yy = NULL; - mpi_set (result->z, point->z); + if (loops < 2) + { + /* If SCALAR is zero, the above mpi_mul sets H to zero and thus + LOOPs will be zero. To avoid an underflow of I in the main + loop we set LOOP to 2 and the result to (0,0,0). */ + loops = 2; + mpi_clear (result->x); + mpi_clear (result->y); + mpi_clear (result->z); + } + else + { + mpi_set (result->x, point->x); + mpi_set (result->y, yy); + mpi_set (result->z, point->z); + } + mpi_free (yy); yy = NULL; p1.x = x1; x1 = NULL; p1.y = y1; y1 = NULL; diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index 9f7360e..98236e7 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -593,11 +593,25 @@ basic_ec_math (void) err = ec_p_new (&ctx, P, A); if (err) die ("ec_p_new failed: %s\n", gpg_strerror (err)); - gcry_mpi_ec_mul (Q, d, G, ctx); x = gcry_mpi_new (0); y = gcry_mpi_new (0); z = gcry_mpi_new (0); + + { + /* A quick check that multiply by zero works. */ + gcry_mpi_t tmp; + + tmp = gcry_mpi_new (0); + gcry_mpi_ec_mul (Q, tmp, G, ctx); + gcry_mpi_release (tmp); + gcry_mpi_point_get (x, y, z, Q); + if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 0) + || gcry_mpi_cmp_ui (z, 0)) + fail ("multiply a point by zero failed\n"); + } + + gcry_mpi_ec_mul (Q, d, G, ctx); gcry_mpi_point_get (x, y, z, Q); if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66") || cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8") ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 21 +++++++++++++++++---- tests/t-mpi-point.c | 16 +++++++++++++++- 2 files changed, 32 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 16 20:41:55 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 16 Apr 2013 20:41:55 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.4.0-2-g12374cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 12374cbecede047accd2d2267bba5927037ed16c (commit) from 68221577b74fbcf0b43586f6004384fba0959ac5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 12374cbecede047accd2d2267bba5927037ed16c Author: Werner Koch Date: Tue Apr 16 18:30:20 2013 +0200 Explain the GPGME_DEBUG variable. -- diff --git a/doc/gpgme.texi b/doc/gpgme.texi index af2e163..8eeaafc 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -101,6 +101,7 @@ This is Edition @value{EDITION}, last updated @value{UPDATED}, of Appendices * UI Server Protocol:: The GnuPG UI Server Protocol. +* Debugging:: How to solve problems. * Library Copying:: The GNU Lesser General Public License says how you can copy and share `GnuPG Made Easy'. @@ -5794,6 +5795,47 @@ case the state of @var{ctx} is not modified). @include uiserver.texi + at node Debugging + at appendix How to solve problems + at cindex debug + at cindex GPGME_DEBUG + +Everyone knows that software often does not do what it should do and thus +there is a need to track down problems. This is in particular true +for applications using a complex library like @acronym{GPGME} and of +course also for the library itself. Here we give a few hints on how +to solve such problems. + +First of all you should make sure that the keys you want to use are +installed in the GnuPG engine and are usable. Thus the first test is +to run the desired operation using @command{gpg} or @command{gpgsm} on +the command line. If you can't figure out why things don't work, you +may use @acronym{GPGME}'s built in trace feature. This feature is +either enabled using the environment variable @code{GPGME_DEBUG} or, +if this is not possible, by calling the function + at code{gpgme_set_global_flag}. The value is the trace level and +an optional file name. + + at noindenr +For example + at smallexample +GPGME_DEBUG=9:/home/user/mygpgme.log + at end smallexample + at noindent +(Note that under Windows you use a semicolon in place of the colon to +separate the fields.) + +A trace level of 9 is pretty verbose and thus you may want to start +off with a lower level. The exact definition of the trace levels and +the output format may change with any release; you need to check the +source code for details. In any case the trace log should be helpful +to understand what is going going on. Warning: The trace log may +reveal sensitive details like passphrases or other data you use in +your application. If you are asked to send a log file, make sure that +you run your tests only with play data. + + + @include lesser.texi @include gpl.texi ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 42 insertions(+), 0 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 17 11:44:19 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 17 Apr 2013 11:44:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-206-g96fc299 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 96fc29950a8508e936ad4546617d91a40226639e (commit) from e1f7f61d1e10fc3ee816970ce611afbc9b654eda (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 96fc29950a8508e936ad4546617d91a40226639e Author: Werner Koch Date: Wed Apr 17 11:26:27 2013 +0200 Add missing file. -- diff --git a/doc/DCO b/doc/DCO new file mode 100644 index 0000000..bae7bff --- /dev/null +++ b/doc/DCO @@ -0,0 +1,29 @@ +GnuPG Developer's Certificate of Origin. Version 1.0 +===================================================== + +By making a contribution to the GnuPG project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the free software license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the + best of my knowledge, is covered under an appropriate free + software license and I have the right under that license to + submit that work with modifications, whether created in whole + or in part by me, under the same free software license + (unless I am permitted to submit under a different license), + as indicated in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including + all personal information I submit with it, including my + sign-off) is maintained indefinitely and may be redistributed + consistent with this project or the free software license(s) + involved. + +Signed-off-by: [Your name and mail address] ----------------------------------------------------------------------- Summary of changes: doc/DCO | 29 +++++++++++++++++++++++++++++ 1 files changed, 29 insertions(+), 0 deletions(-) create mode 100644 doc/DCO hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 10:23:38 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 10:23:38 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.1-7-gcc2f851 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via cc2f85116226bf9e2b77c4949eb1e7ea2357f67d (commit) from c7362450c679736ceb82e95fac2e251972f3ea1e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cc2f85116226bf9e2b77c4949eb1e7ea2357f67d Author: Werner Koch Date: Tue Apr 16 18:59:22 2013 +0200 Fix multiply by zero in gcry_mpi_ec_mul. * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0. -- This is backport from master leaving out the test case. Signed-off-by: Werner Koch diff --git a/mpi/ec.c b/mpi/ec.c index ce86e09..fa00818 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -670,10 +670,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t *result, mpi_mul (h, k, ctx->three); /* h = 3k */ loops = mpi_get_nbits (h); - - mpi_set (result->x, point->x); - mpi_set (result->y, yy); mpi_free (yy); yy = NULL; - mpi_set (result->z, point->z); + if (loops < 2) + { + /* If SCALAR is zero, the above mpi_mul sets H to zero and thus + LOOPs will be zero. To avoid an underflow of I in the main + loop we set LOOP to 2 and the result to (0,0,0). */ + loops = 2; + mpi_clear (result->x); + mpi_clear (result->y); + mpi_clear (result->z); + } + else + { + mpi_set (result->x, point->x); + mpi_set (result->y, yy); + mpi_set (result->z, point->z); + } + mpi_free (yy); yy = NULL; p1.x = x1; x1 = NULL; p1.y = y1; y1 = NULL; ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 21 +++++++++++++++++---- 1 files changed, 17 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 15:00:27 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 15:00:27 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.1-10-g4cd2795 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via 4cd279556777e02eda79973f68efaa4b741f9175 (commit) via a412a949555db737bac87999403fcf526166effe (commit) via 8eab66ad6852ec985bfb1e7fec35981d5e31148a (commit) from cc2f85116226bf9e2b77c4949eb1e7ea2357f67d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4cd279556777e02eda79973f68efaa4b741f9175 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Fix alignment problem in idea.c. * cipher/idea.c (cipher): Rework parameter use to fix alignment problems. * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. Signed-off-by: Werner Koch diff --git a/cipher/idea.c b/cipher/idea.c index 39c9720..c025c95 100644 --- a/cipher/idea.c +++ b/cipher/idea.c @@ -1,5 +1,6 @@ /* idea.c - IDEA function - * Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn) + * Copyright 1997, 1998, 1999, 2001 Werner Koch (dd9jn) + * Copyright 2013 g10 Code GmbH * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), @@ -49,9 +50,6 @@ #include "cipher.h" -#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned int))(f)) -#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) - #define IDEA_KEYSIZE 16 #define IDEA_BLOCKSIZE 8 #define IDEA_ROUNDS 8 @@ -161,10 +159,14 @@ invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] ) static void cipher( byte *outbuf, const byte *inbuf, u16 *key ) { - u16 x1, x2, x3,x4, s2, s3; - u16 *in, *out; + u16 s2, s3; + u16 in[4]; int r = IDEA_ROUNDS; - #define MUL(x,y) \ +#define x1 (in[0]) +#define x2 (in[1]) +#define x3 (in[2]) +#define x4 (in[3]) +#define MUL(x,y) \ do {u16 _t16; u32 _t32; \ if( (_t16 = (y)) ) { \ if( (x = (x)&0xffff) ) { \ @@ -182,17 +184,13 @@ cipher( byte *outbuf, const byte *inbuf, u16 *key ) } \ } while(0) - in = (u16*)inbuf; - x1 = *in++; - x2 = *in++; - x3 = *in++; - x4 = *in; - #ifndef WORDS_BIGENDIAN + memcpy (in, inbuf, sizeof in); +#ifndef WORDS_BIGENDIAN x1 = (x1>>8) | (x1<<8); x2 = (x2>>8) | (x2<<8); x3 = (x3>>8) | (x3<<8); x4 = (x4>>8) | (x4<<8); - #endif +#endif do { MUL(x1, *key++); x2 += *key++; @@ -219,19 +217,21 @@ cipher( byte *outbuf, const byte *inbuf, u16 *key ) x2 += *key++; MUL(x4, *key); - out = (u16*)outbuf; - #ifndef WORDS_BIGENDIAN - *out++ = (x1>>8) | (x1<<8); - *out++ = (x3>>8) | (x3<<8); - *out++ = (x2>>8) | (x2<<8); - *out = (x4>>8) | (x4<<8); - #else - *out++ = x1; - *out++ = x3; - *out++ = x2; - *out = x4; - #endif - #undef MUL +#ifndef WORDS_BIGENDIAN + x1 = (x1>>8) | (x1<<8); + x2 = (x2>>8) | (x2<<8); + x3 = (x3>>8) | (x3<<8); + x4 = (x4>>8) | (x4<<8); +#endif + memcpy (outbuf+0, &x1, 2); + memcpy (outbuf+2, &x3, 2); + memcpy (outbuf+4, &x2, 2); + memcpy (outbuf+6, &x4, 2); +#undef MUL +#undef x1 +#undef x2 +#undef x3 +#undef x4 } commit a412a949555db737bac87999403fcf526166effe Author: Vladimir Serbinenko Date: Thu Apr 18 13:37:49 2013 +0200 Add some const attributes. * cipher/md4.c (transform): Add const attribute. * cipher/md5.c (transform): Ditto. * cipher/rmd160.c (transform): Ditto. -- This is the same as http://bzr.savannah.gnu.org/lh/grub/trunk/grub/revision/3685 Signed-off-by: Werner Koch diff --git a/cipher/md4.c b/cipher/md4.c index 8909ec4..22fbf8d 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -100,7 +100,8 @@ transform ( MD4_CONTEXT *ctx, const unsigned char *data ) #ifdef WORDS_BIGENDIAN { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; diff --git a/cipher/md5.c b/cipher/md5.c index 4793882..a98678a 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -91,7 +91,8 @@ transform ( MD5_CONTEXT *ctx, const unsigned char *data ) #ifdef WORDS_BIGENDIAN { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 552cff9..179a4d9 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -168,7 +168,8 @@ transform ( RMD160_CONTEXT *hd, const unsigned char *data ) u32 x[16]; { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; commit 8eab66ad6852ec985bfb1e7fec35981d5e31148a Author: Vladimir Serbinenko Date: Thu Apr 18 13:22:34 2013 +0200 Fix alignment problem in serpent.c. * cipher/serpent.c (serpent_key_prepare): Fix misaligned access. (serpent_setkey): Likewise. (serpent_encrypt_internal): Likewise. (serpent_decrypt_internal): Likewise. (serpent_encrypt): Don't put an alignment-increasing cast. (serpent_decrypt): Likewise. (serpent_test): Likewise. -- This is a port of the fix for the Libgcrypt code in GRUB: http://bzr.savannah.gnu.org/lh/grub/trunk/grub/revision/3685 GRUB is FSF copyrighted and thus we can use this code without a DCO. Note that the above fix was not correct and failed the selftests, thus I fixed this fix. GnuPG-bug-id: 1384 Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index b7c1800..5eab32a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -98,6 +98,11 @@ Assigns Past and Future Changes openpgp at brainhub.org (cipher/ecc.c and related files) +LIBGCRYPT Vladimir Serbinenko 2012-04-26 +Assigns Past and Future Changes +phcoder at gmail.com +(cipher/serpent.c) + Authors with a DCO ================== diff --git a/cipher/serpent.c b/cipher/serpent.c index a78e018..ea14c7e 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c @@ -585,15 +585,14 @@ serpent_key_prepare (const byte *key, unsigned int key_length, int i; /* Copy key. */ - for (i = 0; i < key_length / 4; i++) - { + memcpy (key_prepared, key, key_length); + key_length /= 4; #ifdef WORDS_BIGENDIAN - key_prepared[i] = byte_swap_32 (((u32 *) key)[i]); + for (i = 0; i < key_length; i++) + key_prepared[i] = byte_swap_32 (key_prepared[i]); #else - key_prepared[i] = ((u32 *) key)[i]; + i = key_length; #endif - } - if (i < 8) { /* Key must be padded according to the Serpent @@ -707,21 +706,17 @@ serpent_setkey (void *ctx, static void serpent_encrypt_internal (serpent_context_t *context, - const serpent_block_t input, serpent_block_t output) + const byte *input, byte *output) { serpent_block_t b, b_next; int round = 0; + memcpy (b, input, sizeof (b)); #ifdef WORDS_BIGENDIAN - b[0] = byte_swap_32 (input[0]); - b[1] = byte_swap_32 (input[1]); - b[2] = byte_swap_32 (input[2]); - b[3] = byte_swap_32 (input[3]); -#else - b[0] = input[0]; - b[1] = input[1]; - b[2] = input[2]; - b[3] = input[3]; + b[0] = byte_swap_32 (b[0]); + b[1] = byte_swap_32 (b[1]); + b[2] = byte_swap_32 (b[2]); + b[3] = byte_swap_32 (b[3]); #endif ROUND (0, context->keys, b, b_next); @@ -759,35 +754,27 @@ serpent_encrypt_internal (serpent_context_t *context, ROUND_LAST (7, context->keys, b, b_next); #ifdef WORDS_BIGENDIAN - output[0] = byte_swap_32 (b_next[0]); - output[1] = byte_swap_32 (b_next[1]); - output[2] = byte_swap_32 (b_next[2]); - output[3] = byte_swap_32 (b_next[3]); -#else - output[0] = b_next[0]; - output[1] = b_next[1]; - output[2] = b_next[2]; - output[3] = b_next[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif + memcpy (output, b_next, sizeof (b_next)); } static void serpent_decrypt_internal (serpent_context_t *context, - const serpent_block_t input, serpent_block_t output) + const byte *input, byte *output) { serpent_block_t b, b_next; int round = ROUNDS; + memcpy (b_next, input, sizeof (b)); #ifdef WORDS_BIGENDIAN - b_next[0] = byte_swap_32 (input[0]); - b_next[1] = byte_swap_32 (input[1]); - b_next[2] = byte_swap_32 (input[2]); - b_next[3] = byte_swap_32 (input[3]); -#else - b_next[0] = input[0]; - b_next[1] = input[1]; - b_next[2] = input[2]; - b_next[3] = input[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif ROUND_FIRST_INVERSE (7, context->keys, b_next, b); @@ -824,18 +811,13 @@ serpent_decrypt_internal (serpent_context_t *context, ROUND_INVERSE (1, context->keys, b, b_next); ROUND_INVERSE (0, context->keys, b, b_next); - #ifdef WORDS_BIGENDIAN - output[0] = byte_swap_32 (b_next[0]); - output[1] = byte_swap_32 (b_next[1]); - output[2] = byte_swap_32 (b_next[2]); - output[3] = byte_swap_32 (b_next[3]); -#else - output[0] = b_next[0]; - output[1] = b_next[1]; - output[2] = b_next[2]; - output[3] = b_next[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif + memcpy (output, b_next, sizeof (b_next)); } static void @@ -843,8 +825,7 @@ serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in) { serpent_context_t *context = ctx; - serpent_encrypt_internal (context, - (const u32 *) buffer_in, (u32 *) buffer_out); + serpent_encrypt_internal (context, buffer_in, buffer_out); _gcry_burn_stack (2 * sizeof (serpent_block_t)); } @@ -853,9 +834,7 @@ serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in) { serpent_context_t *context = ctx; - serpent_decrypt_internal (context, - (const u32 *) buffer_in, - (u32 *) buffer_out); + serpent_decrypt_internal (context, buffer_in, buffer_out); _gcry_burn_stack (2 * sizeof (serpent_block_t)); } @@ -914,9 +893,7 @@ serpent_test (void) { serpent_setkey_internal (&context, test_data[i].key, test_data[i].key_length); - serpent_encrypt_internal (&context, - (const u32 *) test_data[i].text_plain, - (u32 *) scratch); + serpent_encrypt_internal (&context, test_data[i].text_plain, scratch); if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t))) switch (test_data[i].key_length) @@ -929,9 +906,7 @@ serpent_test (void) return "Serpent-256 test encryption failed."; } - serpent_decrypt_internal (&context, - (const u32 *) test_data[i].text_cipher, - (u32 *) scratch); + serpent_decrypt_internal (&context, test_data[i].text_cipher, scratch); if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t))) switch (test_data[i].key_length) { ----------------------------------------------------------------------- Summary of changes: AUTHORS | 5 +++ cipher/idea.c | 54 +++++++++++++++++----------------- cipher/md4.c | 3 +- cipher/md5.c | 3 +- cipher/rmd160.c | 3 +- cipher/serpent.c | 87 +++++++++++++++++++---------------------------------- 6 files changed, 69 insertions(+), 86 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 15:47:58 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 15:47:58 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-122-g0355768 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 03557687a09b9c8878c77cbfdd0f5049940c72da (commit) via 1ab26bc304c559b0a8d29823d656f7ad8d10a59d (commit) via 3271b0dfda67e26c381d7ed667737f08f865ee40 (commit) via ff0b94c22b36600fff1db9f1d48f9de61f9038f7 (commit) via 86e72b490a5790a9c23341067c7e4d3e38be1634 (commit) from 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 03557687a09b9c8878c77cbfdd0f5049940c72da Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 mpi: Yet another fix to get option flag munging right. * cipher/Makefile.am (o_flag_munging): Yet another fix. diff --git a/cipher/Makefile.am b/cipher/Makefile.am index b5d8c4f..c39f627 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -78,7 +78,7 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia_aesni_avx_x86-64.S if ENABLE_O_FLAG_MUNGING -o_flag_munging = sed -e 's/-O([2-9s]|fast)*/-O1/g' +o_flag_munging = sed -e 's/-O$[2-9s][2-9s]*$/-O1/' -e 's/-Ofast/-O1/g' else o_flag_munging = cat endif commit 1ab26bc304c559b0a8d29823d656f7ad8d10a59d Author: Werner Koch Date: Mon Mar 18 09:02:35 2013 +0100 mpi: Make using gcc's -Ofast easier. * cipher/Makefile.am (o_flag_munging): Take -Ofast in account. -- GnuPG-bug-id: 1468 (cherry picked from commit d313255350e6f397500ce23714ddec8780f32449) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 396e5a2..b5d8c4f 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -78,7 +78,7 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia_aesni_avx_x86-64.S if ENABLE_O_FLAG_MUNGING -o_flag_munging = sed -e 's/-O[2-9s]*/-O1/g' +o_flag_munging = sed -e 's/-O([2-9s]|fast)*/-O1/g' else o_flag_munging = cat endif commit 3271b0dfda67e26c381d7ed667737f08f865ee40 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Fix alignment problem in idea.c. * cipher/idea.c (cipher): Rework parameter use to fix alignment problems. * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. Signed-off-by: Werner Koch Fix alignment problem in idea.c. * cipher/idea.c (cipher): Rework parameter use to fix alignment problems. * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. Signed-off-by: Werner Koch (cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175) diff --git a/cipher/idea.c b/cipher/idea.c index 39c9720..c025c95 100644 --- a/cipher/idea.c +++ b/cipher/idea.c @@ -1,5 +1,6 @@ /* idea.c - IDEA function - * Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn) + * Copyright 1997, 1998, 1999, 2001 Werner Koch (dd9jn) + * Copyright 2013 g10 Code GmbH * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), @@ -49,9 +50,6 @@ #include "cipher.h" -#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned int))(f)) -#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) - #define IDEA_KEYSIZE 16 #define IDEA_BLOCKSIZE 8 #define IDEA_ROUNDS 8 @@ -161,10 +159,14 @@ invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] ) static void cipher( byte *outbuf, const byte *inbuf, u16 *key ) { - u16 x1, x2, x3,x4, s2, s3; - u16 *in, *out; + u16 s2, s3; + u16 in[4]; int r = IDEA_ROUNDS; - #define MUL(x,y) \ +#define x1 (in[0]) +#define x2 (in[1]) +#define x3 (in[2]) +#define x4 (in[3]) +#define MUL(x,y) \ do {u16 _t16; u32 _t32; \ if( (_t16 = (y)) ) { \ if( (x = (x)&0xffff) ) { \ @@ -182,17 +184,13 @@ cipher( byte *outbuf, const byte *inbuf, u16 *key ) } \ } while(0) - in = (u16*)inbuf; - x1 = *in++; - x2 = *in++; - x3 = *in++; - x4 = *in; - #ifndef WORDS_BIGENDIAN + memcpy (in, inbuf, sizeof in); +#ifndef WORDS_BIGENDIAN x1 = (x1>>8) | (x1<<8); x2 = (x2>>8) | (x2<<8); x3 = (x3>>8) | (x3<<8); x4 = (x4>>8) | (x4<<8); - #endif +#endif do { MUL(x1, *key++); x2 += *key++; @@ -219,19 +217,21 @@ cipher( byte *outbuf, const byte *inbuf, u16 *key ) x2 += *key++; MUL(x4, *key); - out = (u16*)outbuf; - #ifndef WORDS_BIGENDIAN - *out++ = (x1>>8) | (x1<<8); - *out++ = (x3>>8) | (x3<<8); - *out++ = (x2>>8) | (x2<<8); - *out = (x4>>8) | (x4<<8); - #else - *out++ = x1; - *out++ = x3; - *out++ = x2; - *out = x4; - #endif - #undef MUL +#ifndef WORDS_BIGENDIAN + x1 = (x1>>8) | (x1<<8); + x2 = (x2>>8) | (x2<<8); + x3 = (x3>>8) | (x3<<8); + x4 = (x4>>8) | (x4<<8); +#endif + memcpy (outbuf+0, &x1, 2); + memcpy (outbuf+2, &x3, 2); + memcpy (outbuf+4, &x2, 2); + memcpy (outbuf+6, &x4, 2); +#undef MUL +#undef x1 +#undef x2 +#undef x3 +#undef x4 } commit ff0b94c22b36600fff1db9f1d48f9de61f9038f7 Author: Vladimir Serbinenko Date: Thu Apr 18 13:37:49 2013 +0200 Add some const attributes. * cipher/md4.c (transform): Add const attribute. * cipher/md5.c (transform): Ditto. * cipher/rmd160.c (transform): Ditto. -- This is the same as http://bzr.savannah.gnu.org/lh/grub/trunk/grub/revision/3685 Signed-off-by: Werner Koch diff --git a/cipher/md4.c b/cipher/md4.c index 8909ec4..22fbf8d 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -100,7 +100,8 @@ transform ( MD4_CONTEXT *ctx, const unsigned char *data ) #ifdef WORDS_BIGENDIAN { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; diff --git a/cipher/md5.c b/cipher/md5.c index 4793882..a98678a 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -91,7 +91,8 @@ transform ( MD5_CONTEXT *ctx, const unsigned char *data ) #ifdef WORDS_BIGENDIAN { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 552cff9..179a4d9 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -168,7 +168,8 @@ transform ( RMD160_CONTEXT *hd, const unsigned char *data ) u32 x[16]; { int i; - byte *p2, *p1; + byte *p2; + const byte *p1; for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) { p2[3] = *p1++; commit 86e72b490a5790a9c23341067c7e4d3e38be1634 Author: Vladimir Serbinenko Date: Thu Apr 18 13:22:34 2013 +0200 Fix alignment problem in serpent.c. * cipher/serpent.c (serpent_key_prepare): Fix misaligned access. (serpent_setkey): Likewise. (serpent_encrypt_internal): Likewise. (serpent_decrypt_internal): Likewise. (serpent_encrypt): Don't put an alignment-increasing cast. (serpent_decrypt): Likewise. (serpent_test): Likewise. -- This is a port of the fix for the Libgcrypt code in GRUB: http://bzr.savannah.gnu.org/lh/grub/trunk/grub/revision/3685 GRUB is FSF copyrighted and thus we can use this code without a DCO. Note that the above fix was not correct and failed the selftests, thus I fixed this fix. GnuPG-bug-id: 1384 Signed-off-by: Werner Koch (cherry picked from commit 8eab66ad6852ec985bfb1e7fec35981d5e31148a) diff --git a/AUTHORS b/AUTHORS index 5c75b3c..a7a8f3f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -103,6 +103,11 @@ Assigns Past and Future Changes ulm at gentoo.org (Changes to cipher/idea.c and related files) +LIBGCRYPT Vladimir Serbinenko 2012-04-26 +Assigns Past and Future Changes +phcoder at gmail.com +(cipher/serpent.c) + Authors with a DCO ================== diff --git a/cipher/serpent.c b/cipher/serpent.c index a78e018..ea14c7e 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c @@ -585,15 +585,14 @@ serpent_key_prepare (const byte *key, unsigned int key_length, int i; /* Copy key. */ - for (i = 0; i < key_length / 4; i++) - { + memcpy (key_prepared, key, key_length); + key_length /= 4; #ifdef WORDS_BIGENDIAN - key_prepared[i] = byte_swap_32 (((u32 *) key)[i]); + for (i = 0; i < key_length; i++) + key_prepared[i] = byte_swap_32 (key_prepared[i]); #else - key_prepared[i] = ((u32 *) key)[i]; + i = key_length; #endif - } - if (i < 8) { /* Key must be padded according to the Serpent @@ -707,21 +706,17 @@ serpent_setkey (void *ctx, static void serpent_encrypt_internal (serpent_context_t *context, - const serpent_block_t input, serpent_block_t output) + const byte *input, byte *output) { serpent_block_t b, b_next; int round = 0; + memcpy (b, input, sizeof (b)); #ifdef WORDS_BIGENDIAN - b[0] = byte_swap_32 (input[0]); - b[1] = byte_swap_32 (input[1]); - b[2] = byte_swap_32 (input[2]); - b[3] = byte_swap_32 (input[3]); -#else - b[0] = input[0]; - b[1] = input[1]; - b[2] = input[2]; - b[3] = input[3]; + b[0] = byte_swap_32 (b[0]); + b[1] = byte_swap_32 (b[1]); + b[2] = byte_swap_32 (b[2]); + b[3] = byte_swap_32 (b[3]); #endif ROUND (0, context->keys, b, b_next); @@ -759,35 +754,27 @@ serpent_encrypt_internal (serpent_context_t *context, ROUND_LAST (7, context->keys, b, b_next); #ifdef WORDS_BIGENDIAN - output[0] = byte_swap_32 (b_next[0]); - output[1] = byte_swap_32 (b_next[1]); - output[2] = byte_swap_32 (b_next[2]); - output[3] = byte_swap_32 (b_next[3]); -#else - output[0] = b_next[0]; - output[1] = b_next[1]; - output[2] = b_next[2]; - output[3] = b_next[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif + memcpy (output, b_next, sizeof (b_next)); } static void serpent_decrypt_internal (serpent_context_t *context, - const serpent_block_t input, serpent_block_t output) + const byte *input, byte *output) { serpent_block_t b, b_next; int round = ROUNDS; + memcpy (b_next, input, sizeof (b)); #ifdef WORDS_BIGENDIAN - b_next[0] = byte_swap_32 (input[0]); - b_next[1] = byte_swap_32 (input[1]); - b_next[2] = byte_swap_32 (input[2]); - b_next[3] = byte_swap_32 (input[3]); -#else - b_next[0] = input[0]; - b_next[1] = input[1]; - b_next[2] = input[2]; - b_next[3] = input[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif ROUND_FIRST_INVERSE (7, context->keys, b_next, b); @@ -824,18 +811,13 @@ serpent_decrypt_internal (serpent_context_t *context, ROUND_INVERSE (1, context->keys, b, b_next); ROUND_INVERSE (0, context->keys, b, b_next); - #ifdef WORDS_BIGENDIAN - output[0] = byte_swap_32 (b_next[0]); - output[1] = byte_swap_32 (b_next[1]); - output[2] = byte_swap_32 (b_next[2]); - output[3] = byte_swap_32 (b_next[3]); -#else - output[0] = b_next[0]; - output[1] = b_next[1]; - output[2] = b_next[2]; - output[3] = b_next[3]; + b_next[0] = byte_swap_32 (b_next[0]); + b_next[1] = byte_swap_32 (b_next[1]); + b_next[2] = byte_swap_32 (b_next[2]); + b_next[3] = byte_swap_32 (b_next[3]); #endif + memcpy (output, b_next, sizeof (b_next)); } static void @@ -843,8 +825,7 @@ serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in) { serpent_context_t *context = ctx; - serpent_encrypt_internal (context, - (const u32 *) buffer_in, (u32 *) buffer_out); + serpent_encrypt_internal (context, buffer_in, buffer_out); _gcry_burn_stack (2 * sizeof (serpent_block_t)); } @@ -853,9 +834,7 @@ serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in) { serpent_context_t *context = ctx; - serpent_decrypt_internal (context, - (const u32 *) buffer_in, - (u32 *) buffer_out); + serpent_decrypt_internal (context, buffer_in, buffer_out); _gcry_burn_stack (2 * sizeof (serpent_block_t)); } @@ -914,9 +893,7 @@ serpent_test (void) { serpent_setkey_internal (&context, test_data[i].key, test_data[i].key_length); - serpent_encrypt_internal (&context, - (const u32 *) test_data[i].text_plain, - (u32 *) scratch); + serpent_encrypt_internal (&context, test_data[i].text_plain, scratch); if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t))) switch (test_data[i].key_length) @@ -929,9 +906,7 @@ serpent_test (void) return "Serpent-256 test encryption failed."; } - serpent_decrypt_internal (&context, - (const u32 *) test_data[i].text_cipher, - (u32 *) scratch); + serpent_decrypt_internal (&context, test_data[i].text_cipher, scratch); if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t))) switch (test_data[i].key_length) { ----------------------------------------------------------------------- Summary of changes: AUTHORS | 5 +++ cipher/Makefile.am | 2 +- cipher/idea.c | 54 ++++++++++++++++---------------- cipher/md4.c | 3 +- cipher/md5.c | 3 +- cipher/rmd160.c | 3 +- cipher/serpent.c | 87 ++++++++++++++++++--------------------------------- 7 files changed, 70 insertions(+), 87 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 16:26:56 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 16:26:56 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.1-11-gf1f0168 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via f1f016855418aae561ede4472590d45a24ab4476 (commit) from 4cd279556777e02eda79973f68efaa4b741f9175 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f1f016855418aae561ede4472590d45a24ab4476 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 cipher: Fix regression in Padlock support. * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case and use the standard one. -- This is really a brown paper bag bug. I should have been able to fix it by a bit of code staring or bi-secting it myself. Instead Rafa?l Carr? did this and with the donation of a VIA nano board from Stefan Kr?ger. Thanks to both of you. (regression since commit b825c5db17292988d261fefdc83cbc43d97d4b02) Signed-off-by: Werner Koch diff --git a/THANKS b/THANKS index 41f4c77..0f47d4f 100644 --- a/THANKS +++ b/THANKS @@ -130,6 +130,7 @@ Stephan M?ller smueller at atsec com Stephane Corthesy stephane at sente.ch Stefan Karrmann S.Karrmann at gmx.net Stefan Keller dres at cs.tu-berlin.de +Stefan Kr?ger stadtkind2 at gmx de Steffen Ullrich ccrlphr at xensei.com Steffen Zahn zahn at berlin.snafu.de Steven Bakker steven at icoe.att.com diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 9816280..4e8eb3a 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -279,15 +279,10 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) ctx->rounds = rounds; + /* NB: We don't yet support Padlock hardware key generation. */ + if (0) ; -#ifdef USE_PADLOCK - else if (ctx->use_padlock) - { - /* Nothing to do as we support only hardware key generation for - now. */ - } -#endif /*USE_PADLOCK*/ #ifdef USE_AESNI_is_disabled_here else if (ctx->use_aesni && ctx->rounds == 10) { ----------------------------------------------------------------------- Summary of changes: THANKS | 1 + cipher/rijndael.c | 9 ++------- 2 files changed, 3 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 16:41:10 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 16:41:10 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-123-g6c942ec Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6c942ec4d63032539f1fc56c3b970cfec2369e2b (commit) from 03557687a09b9c8878c77cbfdd0f5049940c72da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6c942ec4d63032539f1fc56c3b970cfec2369e2b Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 cipher: Fix regression in Padlock support. * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case and use the standard one. -- This is really a brown paper bag bug. I should have been able to fix it by a bit of code staring or bi-secting it myself. Instead Rafa?l Carr? did this and with the donation of a VIA nano board from Stefan Kr?ger. Thanks to both of you. (regression since commit b825c5db17292988d261fefdc83cbc43d97d4b02) Signed-off-by: Werner Koch (cherry picked from commit f1f016855418aae561ede4472590d45a24ab4476) diff --git a/THANKS b/THANKS index 41f4c77..0f47d4f 100644 --- a/THANKS +++ b/THANKS @@ -130,6 +130,7 @@ Stephan M?ller smueller at atsec com Stephane Corthesy stephane at sente.ch Stefan Karrmann S.Karrmann at gmx.net Stefan Keller dres at cs.tu-berlin.de +Stefan Kr?ger stadtkind2 at gmx de Steffen Ullrich ccrlphr at xensei.com Steffen Zahn zahn at berlin.snafu.de Steven Bakker steven at icoe.att.com diff --git a/cipher/rijndael.c b/cipher/rijndael.c index a3080f5..8d4036b 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -285,15 +285,10 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) ctx->rounds = rounds; + /* NB: We don't yet support Padlock hardware key generation. */ + if (0) ; -#ifdef USE_PADLOCK - else if (ctx->use_padlock) - { - /* Nothing to do as we support only hardware key generation for - now. */ - } -#endif /*USE_PADLOCK*/ #ifdef USE_AESNI_is_disabled_here else if (ctx->use_aesni && ctx->rounds == 10) { ----------------------------------------------------------------------- Summary of changes: THANKS | 1 + cipher/rijndael.c | 9 ++------- 2 files changed, 3 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 18 17:53:58 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Apr 2013 17:53:58 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.1-16-g0c528af Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via 0c528aff1b28f0a317ae94675228c04db7a832da (commit) via 8bfe337b5a3294124ea86a6f5c722eaa9bace998 (commit) via 85721d6865ad5d23fa063c72a0f3946bf51f2d74 (commit) via 55f3f9ee097ae0fe3242bdb0e9178bc40753f78e (commit) via 411e6ef17db4d5105e1d02d37759793a9dc87c32 (commit) from f1f016855418aae561ede4472590d45a24ab4476 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c528aff1b28f0a317ae94675228c04db7a832da Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 1ab0d89..8abe6fe 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.5.3 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.5.2 (2013-04-18) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 37d11b1..e631c94 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.11" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [5]) -m4_define(mym4_version_micro, [2]) +m4_define(mym4_version_micro, [3]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag diff --git a/doc/announce.txt b/doc/announce.txt index 0552b0f..56dfdf6 100644 --- a/doc/announce.txt +++ b/doc/announce.txt @@ -5,55 +5,46 @@ Cc: gcrypt-devel at gnupg.org Hello! The GNU project is pleased to announce the availability of Libgcrypt -version 1.5.1. This is a maintenance release for the stable branch. +version 1.5.2. This is a maintenance release for the stable branch. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. -Noteworthy changes in version 1.5.1: +Noteworthy changes in version 1.5.2: - * Allow empty passphrase with PBKDF2. + * Added support for IDEA. - * Do not abort on an invalid algorithm number in - gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen. + * Made the Padlock code work again (regression since 1.5.0). - * Fixed some Valgrind warnings. + * Fixed alignment problems for Serpent. - * Fixed a problem with select and high fd numbers. - - * Improved the build system - - * Various minor bug fixes. - - * Interface changes relative to the 1.5.0 release: - GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. - GCRYPT_VERSION_NUMBER NEW. + * Fixed two bugs in ECC computations. Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2 (1.5M) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2 (1.5M) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.gz (1.7M) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.gz.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz (1.8M) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz.sig -Alternativley you may upgrade version 1.5.0 using this patch file: +Alternativley you may upgrade version 1.5.1 using this patch file: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0-1.5.1.diff.bz2 (255k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1-1.5.2.diff.bz2 (12k) The SHA-1 checksums are: -8b60a26b7eae1a727d58932d6b1efeb5716648ed libgcrypt-1.5.1.tar.bz2 -f1ab9ce6ac8c7370d455c77c96b36bf18e2d9c95 libgcrypt-1.5.1.tar.gz -e1b2f59a8771e8a0358dbd9a8eaa3250015cf49e libgcrypt-1.5.0-1.5.1.diff.bz2 +c9998383532ba3e8bcaf690f2f0d65e814b48d2f libgcrypt-1.5.2.tar.bz2 +fb54bfea3e276a366009c5a6296eb83cf5e7c14b libgcrypt-1.5.2.tar.gz +086ac76cf91987f66666872cc7d5d5d33c68967e libgcrypt-1.5.1-1.5.2.diff.bz2 For help on developing with Libgcrypt you should read the included commit 8bfe337b5a3294124ea86a6f5c722eaa9bace998 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Release 1.5.2. commit 85721d6865ad5d23fa063c72a0f3946bf51f2d74 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Prepare the next release. -- diff --git a/NEWS b/NEWS index c4f32e7..1ab0d89 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,14 @@ -Noteworthy changes in version 1.5.2 (unreleased) +Noteworthy changes in version 1.5.2 (2013-04-18) ------------------------------------------------ + * Added support for IDEA. + + * Made the Padlock code work again (regression since 1.5.0). + + * Fixed alignment problems for Serpent. + + * Fixed two bugs in ECC computations. + Noteworthy changes in version 1.5.1 (2013-03-18) ------------------------------------------------ commit 55f3f9ee097ae0fe3242bdb0e9178bc40753f78e Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Update LT version for the next release. * configure.ac: Set LT version to C19/A8/R1. diff --git a/configure.ac b/configure.ac index 0bcc8ae..37d11b1 100644 --- a/configure.ac +++ b/configure.ac @@ -59,7 +59,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # LIBGCRYPT_LT_CURRENT=19 LIBGCRYPT_LT_AGE=8 -LIBGCRYPT_LT_REVISION=0 +LIBGCRYPT_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. commit 411e6ef17db4d5105e1d02d37759793a9dc87c32 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 mpi: Yet another fix to get option flag munging right. * cipher/Makefile.am (o_flag_munging): Yet another fix. -- (cherry picked from commit 03557687a09b9c8878c77cbfdd0f5049940c72da) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 1109c9d..76cdc96 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -69,7 +69,7 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c if ENABLE_O_FLAG_MUNGING -o_flag_munging = sed -e 's/-O([2-9s]|fast)*/-O1/g' +o_flag_munging = sed -e 's/-O$[2-9s][2-9s]*$/-O1/' -e 's/-Ofast/-O1/g' else o_flag_munging = cat endif ----------------------------------------------------------------------- Summary of changes: NEWS | 14 +++++++++++++- cipher/Makefile.am | 2 +- configure.ac | 4 ++-- doc/announce.txt | 39 +++++++++++++++------------------------ 4 files changed, 31 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 19 12:19:35 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 19 Apr 2013 12:19:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-207-gff61152 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ff6115227a1ced14e2fb3d160a12181b9dfbc502 (commit) from 96fc29950a8508e936ad4546617d91a40226639e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ff6115227a1ced14e2fb3d160a12181b9dfbc502 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 doc: Formatting fixes. * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg. * doc/gpg.texi: Fix cross reference for --options. * doc/gpgsm.texi: Likewise. * doc/gpl.texi: Fix enumerate and re-indent examples. -- Reported-by: Ian Abbott Signed-off-by: Werner Koch diff --git a/THANKS b/THANKS index 5bde9f3..d366707 100644 --- a/THANKS +++ b/THANKS @@ -105,6 +105,7 @@ Holger Smolinski smolinsk at de.ibm.com Holger Trapp Holger.Trapp at informatik.tu-chemnitz.de Hugh Daniel hugh at toad.com Huy Le huyle at ugcs.caltech.edu +Ian Abbott abbotti at mev.co.uk Ian McKellar imckellar at harvestroad.com.au Ingo Kl?cker kloecker at kde.org Ivo Timmermans itimmermans at bigfoot.com diff --git a/doc/Makefile.am b/doc/Makefile.am index 17d5997..4d6d475 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -88,7 +88,7 @@ yat2m: yat2m.c fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.jpg: - fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@ + fig2dev -L jpeg `test -f '$<' || echo '$(srcdir)/'`$< $@ .fig.eps: fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@ diff --git a/doc/gpg.texi b/doc/gpg.texi index 7194112..cec4581 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1293,9 +1293,7 @@ encoded in the character set as specified by @option{--display-charset}. These options affect all following arguments. Both options may be used multiple times. - at ifset gpgone - at anchor{option --options} - at end ifset + at anchor{gpg-option --options} @item --options @code{file} @opindex options Read options from @code{file} and do not try to read them from the @@ -2929,7 +2927,7 @@ current home directory (@pxref{option --homedir}). This is the standard configuration file read by @command{@gpgname} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default - name may be changed on the command line (@pxref{option --options}). + name may be changed on the command line (@pxref{gpg-option --options}). You should backup this file. @end table diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index bdb0378..6a84391 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -319,6 +319,7 @@ in the option file. @table @gnupgtabopt + at anchor{gpgsm-option --options} @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default @@ -760,8 +761,8 @@ current home directory (@pxref{option --homedir}). This is the standard configuration file read by @command{gpgsm} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default -name may be changed on the command line (@pxref{option - --options}). You should backup this file. +name may be changed on the command line (@pxref{gpgsm-option --options}). +You should backup this file. @item policies.txt diff --git a/doc/gpl.texi b/doc/gpl.texi index 7f9a48a..d13e9e4 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -228,7 +228,7 @@ terms of section 4, provided that you also meet all of these conditions: @enumerate a - at item + at item The work must carry prominent notices stating that you modified it, and giving a relevant date. @@ -659,12 +659,15 @@ an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + at end enumerate + @iftex @heading END OF TERMS AND CONDITIONS @end iftex @ifinfo @center END OF TERMS AND CONDITIONS @end ifinfo + @unnumberedsec How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest @@ -675,9 +678,11 @@ terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least -the ``copyright'' line and a pointer to where the full notice is found. - at smallexample - at var{one line to give the program's name and a brief idea of what it does.} +the ``copyright'' line and a pointer to where the full notice is +found. + + at example + at var{one line to give the program's name and a brief idea of what it does.} Copyright (C) @var{year} @var{name of author} This program is free software: you can redistribute it and/or modify @@ -692,17 +697,21 @@ General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see @url{http://www.gnu.org/licenses/}. - at end smallexample + at end example + at noindent Also add information on how to contact you by electronic and paper mail. + at noindent If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: @smallexample - at var{program} Copyright (C) @var{year} @var{name of author} -This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}. -This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details. + at var{program} Copyright (C) @var{year} @var{name of author} +This program comes with ABSOLUTELY NO WARRANTY; for details +type @samp{show w}. This is free software, and you are +welcome to redistribute it under certain conditions; +type @samp{show c} for details. @end smallexample The hypothetical commands @samp{show w} and @samp{show c} should show @@ -721,5 +730,3 @@ library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}. - - at end enumerate ----------------------------------------------------------------------- Summary of changes: THANKS | 1 + doc/Makefile.am | 2 +- doc/gpg.texi | 6 ++---- doc/gpgsm.texi | 5 +++-- doc/gpl.texi | 27 +++++++++++++++++---------- 5 files changed, 24 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 19 12:38:38 2013 From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Fri, 19 Apr 2013 12:38:38 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-208-ge498180 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e498180d5647d3427a7d7e6c82a9f09cf1ba439d (commit) from ff6115227a1ced14e2fb3d160a12181b9dfbc502 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e498180d5647d3427a7d7e6c82a9f09cf1ba439d Author: Daiki Ueno Date: Tue Apr 2 15:45:58 2013 +0900 Make sure to call fflush if estream_t is backed with stdio * common/estream.c (es_func_fp_write): Call fflush after fwrite. diff --git a/common/estream.c b/common/estream.c index 79fa405..79e3efb 100644 --- a/common/estream.c +++ b/common/estream.c @@ -1275,6 +1275,7 @@ es_func_fp_write (void *cookie, const void *buffer, size_t size) #else bytes_written = fwrite (buffer, 1, size, file_cookie->fp); #endif + fflush (file_cookie->fp); } else bytes_written = size; /* Successfully written to the bit bucket. */ ----------------------------------------------------------------------- Summary of changes: common/estream.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 22 09:42:17 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Apr 2013 09:42:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-209-gd6798d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d6798d261cbe6519ef5b3ebb474e2ad348442c0c (commit) from e498180d5647d3427a7d7e6c82a9f09cf1ba439d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 gpgsm: Remove non-implemented commands from --help. * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric, --send-keys, and --recv-keys. -- GnuPG-bug-id: 1064 Signed-off-by: Werner Koch diff --git a/sm/gpgsm.c b/sm/gpgsm.c index b001682..fa56a39 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -189,10 +189,10 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_group (300, N_("@Commands:\n ")), ARGPARSE_c (aSign, "sign", N_("make a signature")), - ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature") ), +/*ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature") ),*/ ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")), ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")), - ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")), +/*ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),*/ ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")), ARGPARSE_c (aVerify, "verify", N_("verify a signature")), ARGPARSE_c (aListKeys, "list-keys", N_("list keys")), @@ -204,8 +204,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aDeleteKey, "delete-keys", N_("remove keys from the public keyring")), - ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")), - ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")), +/*ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),*/ +/*ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),*/ ARGPARSE_c (aImport, "import", N_("import certificates")), ARGPARSE_c (aExport, "export", N_("export certificates")), ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), ----------------------------------------------------------------------- Summary of changes: sm/gpgsm.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 22 20:56:57 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Apr 2013 20:56:57 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-108-gd6e3755 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via d6e37554d20a96a6bc85455626fff31157233080 (commit) via 44ded889e7d62cab3f531b616cedd6284d6b58a3 (commit) via abbee36cff448bc3960ab4c20e99869ced88ded4 (commit) via 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1 (commit) via 7db5c81e3a40b60e146f29c6744a33fd1b88c090 (commit) via a206c9ee6e09214fe6bc1c1386ef8aa6808b7c89 (commit) via 18ae751f28ac7f4be4049f5f83a7d4615c054fb2 (commit) via 681338bfd344f6928e1e3037c948c46c2e589bd3 (commit) via e24e92d7e244edd578c0c1f0fba6e0070cb5f104 (commit) via 54c54e2824aab5716a187bbbf6dff8860d6a6056 (commit) via da0925973ef38e1ba82dbc19d829fb11677efc74 (commit) from 79d7e1d86bbd658c14a2f9cf3b7b4b5562df17c3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d6e37554d20a96a6bc85455626fff31157233080 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Update NEWS and README -- diff --git a/NEWS b/NEWS index d10dad4..166b871 100644 --- a/NEWS +++ b/NEWS @@ -3,16 +3,31 @@ Noteworthy changes in version 2.0.20 (unreleased) * The hash algorithm is now printed for sig records in key listings. + * Decryption using smartcards keys > 3072 bit does not work. + + * New meta option ignore-invalid-option to allow using the same + option file by other GnuPG versions. + + * [gpg] Skip invalid keyblock packets during import to avoid a DoS. + + * [gpg] Correctly handle ports from DNS SRV records. + + * [gpg-agent] Avoid tty corruption when killing pinentry. + + * [scdaemon] Rename option --disable-keypad to --disable-pinpad. + + * [scdaemon] Better support for CCID readers. Now, the internal CCID + driver supports readers without the auto configuration feature. + * [scdaemon] Add pinpad input for PC/SC, if your reader has pinpad and it supports variable length PIN input, and you specify --enable-pinpad-varlen option. * [scdaemon] New option --enable-pinpad-varlen. - * [scdaemon] Rename option --disable-pinpad (was: --disable-keypad). + * [scdaemon] Install into libexecdir to avoid accidental execution + from the command line. - * [scdaemon] Better support fo CCID readers. Now, internal CCID - driver supports readers with no auto configuration feature. Noteworthy changes in version 2.0.19 (2012-03-27) diff --git a/README b/README index e7289c9..affb7da 100644 --- a/README +++ b/README @@ -4,7 +4,7 @@ Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, - 2012 Free Software Foundation, Inc. + 2012, 2013 Free Software Foundation, Inc. INTRODUCTION @@ -68,6 +68,16 @@ Note that the PKITS tests are always skipped unless you copy the PKITS test data file into the tests/pkits directory. +INCOMPATIBLE CHANGES +==================== + +- With 2.0.20 the scdaemon option 'disable-keypad' has been renamed to + 'disable-pinpad'. If you are using this option in scdaemon.conf you + should rename it there. In case you are using this option to work + around a problem with your card reader, you may want to test whether + this version of GnuPG works better with your reader. + + DOCUMENTATION ============= commit 44ded889e7d62cab3f531b616cedd6284d6b58a3 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Fix bashism in autogen.sh. -- The use of options for cp is not required. Probably c+p cruft. diff --git a/autogen.sh b/autogen.sh index 646b8a0..6001707 100755 --- a/autogen.sh +++ b/autogen.sh @@ -209,7 +209,7 @@ if [ -d .git ]; then To deactivate this pre-commit hook again move .git/hooks/pre-commit and .git/hooks/pre-commit.sample out of the way. EOF - cp -av .git/hooks/pre-commit.sample .git/hooks/pre-commit + cp .git/hooks/pre-commit.sample .git/hooks/pre-commit chmod -c +x .git/hooks/pre-commit fi tmp=$(git config --get filter.cleanpo.clean) @@ -223,7 +223,7 @@ EOF cat <&2 *** Activating commit log message check hook. *** EOF - cp -av scripts/git-hooks/commit-msg .git/hooks/commit-msg + cp scripts/git-hooks/commit-msg .git/hooks/commit-msg chmod -c +x .git/hooks/commit-msg fi fi commit abbee36cff448bc3960ab4c20e99869ced88ded4 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Try to use w64 toolchain for --build-w32. -- diff --git a/autogen.sh b/autogen.sh index 289c21e..646b8a0 100755 --- a/autogen.sh +++ b/autogen.sh @@ -62,7 +62,7 @@ if test "$1" = "--build-w32"; then # Locate the cross compiler crossbindir= - for host in i586-mingw32msvc i386-mingw32msvc mingw32; do + for host in i686-w64-mingw32 i586-mingw32msvc i386-mingw32msvc mingw32; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1 Author: Werner Koch Date: Sat Dec 15 11:28:00 2012 +0100 Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" (cherry picked from commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e) Note that this version uses utf8_charcount to get the indentation mostly right. Signed-off-by: Werner Koch diff --git a/g10/gpg.c b/g10/gpg.c index 6e55b44..b773099 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -40,6 +40,7 @@ #include "packet.h" #include "../common/iobuf.h" #include "util.h" +#include "membuf.h" #include "main.h" #include "options.h" #include "keydb.h" @@ -884,57 +885,53 @@ my_strusage( int level ) static char * -build_list( const char *text, char letter, - const char * (*mapf)(int), int (*chkf)(int) ) +build_list (const char *text, char letter, + const char * (*mapf)(int), int (*chkf)(int)) { - int i; - const char *s; - size_t n=strlen(text)+2; - char *list, *p, *line=NULL; - - if (maybe_setuid) - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - - for(i=0; i <= 110; i++ ) - if( !chkf(i) && (s=mapf(i)) ) - n += strlen(s) + 7 + 2; - list = xmalloc( 21 + n ); *list = 0; - for(p=NULL, i=0; i <= 110; i++ ) { - if( !chkf(i) && (s=mapf(i)) ) { - if( !p ) { - p = stpcpy( list, text ); - line=p; - } - else - p = stpcpy( p, ", "); + membuf_t mb; + int indent; + int i, j, len; + const char *s; + char *string; - if(strlen(line)>60) { - int spaces=strlen(text); + if (maybe_setuid) + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - list=xrealloc(list,n+spaces+1); - /* realloc could move the block, so find the end again */ - p=list; - while(*p) - p++; + indent = utf8_charcount (text); + len = 0; + init_membuf (&mb, 512); - p=stpcpy(p, "\n"); - line=p; - for(;spaces;spaces--) - p=stpcpy(p, " "); + for (i=0; i <= 110; i++ ) + { + if (!chkf (i) && (s = mapf (i))) + { + if (mb.len - len > 60) + { + put_membuf_str (&mb, ",\n"); + len = mb.len; + for (j=0; j < indent; j++) + put_membuf_str (&mb, " "); } + else if (mb.len) + put_membuf_str (&mb, ", "); + else + put_membuf_str (&mb, text); - p = stpcpy(p, s ); - if(opt.verbose && letter) - { - char num[8]; - sprintf(num," (%c%d)",letter,i); - p = stpcpy(p,num); - } + put_membuf_str (&mb, s); + if (opt.verbose && letter) + { + char num[20]; + snprintf (num, sizeof num, " (%c%d)", letter, i); + put_membuf_str (&mb, num); + } } } - if( p ) - p = stpcpy(p, "\n" ); - return list; + if (mb.len) + put_membuf_str (&mb, "\n"); + put_membuf (&mb, "", 1); + + string = get_membuf (&mb, NULL); + return xrealloc (string, strlen (string)+1); } commit 7db5c81e3a40b60e146f29c6744a33fd1b88c090 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Comment fixes. -- Reported-by: Daniel Kahn Gillmor diff --git a/g10/sign.c b/g10/sign.c index 91f7f84..7d5236a 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -367,10 +367,10 @@ match_dsa_hash (unsigned int qbytes) /* First try --digest-algo. If that isn't set, see if the recipient has a preferred algorithm (which is also filtered through - --preferred-digest-prefs). If we're making a signature without a + --personal-digest-prefs). If we're making a signature without a particular recipient (i.e. signing, rather than signing+encrypting) - then take the first algorithm in --preferred-digest-prefs that is - usable for the pubkey algorithm. If --preferred-digest-prefs isn't + then take the first algorithm in --personal-digest-prefs that is + usable for the pubkey algorithm. If --personal-digest-prefs isn't set, then take the OpenPGP default (i.e. SHA-1). Possible improvement: Use the highest-ranked usable algorithm from commit a206c9ee6e09214fe6bc1c1386ef8aa6808b7c89 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Adjust git-log-fix for cherry-picked commits. -- diff --git a/scripts/git-log-fix b/scripts/git-log-fix index 6760e86..2879d92 100644 --- a/scripts/git-log-fix +++ b/scripts/git-log-fix @@ -2,9 +2,9 @@ # option. It specifies what changes to make to each given SHA1's commit # log and metadata, using Perl-eval'able expressions. -08178d1e130a856622c0b938a34eb109bde79262 +8dff0096132fff70a5ee29a50222aebcd9b41ec7 s/Conflicts:/--/ -dafa7aa621dfe36c5c6cf462d3ec0d6c614ab105 +d9d98c510b936d48755f8c01165d7efa32502d24 # Fix old cherry-picked message. s/(fix wLangId in.*)/\1\n--/ commit 18ae751f28ac7f4be4049f5f83a7d4615c054fb2 Author: Werner Koch Date: Fri Nov 16 10:35:33 2012 +0100 Switch to the new automagic beta numbering scheme. * configure.ac: Add all the required m4 magic. -- This also removes the hack to allow custom version numbers which are not considered a development version. A custom version number can be done anyway by simply setting the version to it and tag the release with it. This is a backport from master including the later patch to use rev-parse. diff --git a/README.maint b/README.maint new file mode 100644 index 0000000..d1286ef --- /dev/null +++ b/README.maint @@ -0,0 +1,4 @@ + Notes for the GnuPG maintainer (GIT only) + ============================================ + + Please see GIT master for the current version of this file. diff --git a/configure.ac b/configure.ac index b1946a3..b04f55f 100644 --- a/configure.ac +++ b/configure.ac @@ -22,24 +22,27 @@ AC_PREREQ(2.61) min_automake_version="1.10" -# Remember to change the version number immediately *after* a release. -# Set my_issvn to "yes" for non-released code. Remember to run an -# "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [2.0.20]) -m4_define([my_issvn], [yes]) - -m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ - | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) -m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ - | awk '/^\* / {printf "%s",$3}'])) -m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes], - [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])]) - -AC_INIT([gnupg],[my_full_version],[http://bugs.gnupg.org]) -# Set development_version to yes if the minor number is odd or you -# feel that the default check for a development version is not -# sufficient. -development_version=no +# To build a release you need to create a tag with the version number +# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please +# bump the version number immediately *after* the release and do +# another commit and push so that the git magic is able to work. +m4_define([mym4_version], [2.0.20]) + +# Below is m4 magic to extract and compute the git revision number, +# the decimalized short revision number, a beta version string and a +# flag indicating a development version (mym4_isgit). Note that the +# m4 processing is done by autoconf and not during the configure run. +m4_define([mym4_revision], + m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r'])) +m4_define([mym4_revision_dec], + m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) +m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\ + awk -F- '$3!=0{print"-beta"$3}'])) +m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) +m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) + +AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org]) NEED_GPG_ERROR_VERSION=1.7 @@ -52,7 +55,7 @@ NEED_LIBASSUAN_VERSION=2.0.0 NEED_KSBA_API=1 NEED_KSBA_VERSION=1.0.7 - +development_version=mym4_isgit PACKAGE=$PACKAGE_NAME PACKAGE_GT=${PACKAGE_NAME}2 VERSION=$PACKAGE_VERSION @@ -1252,19 +1255,7 @@ AC_SUBST(ZLIBS) # Check for readline support GNUPG_CHECK_READLINE -# -# Allow users to append something to the version string without -# flagging it as development version. The user version parts is -# considered everything after a dash. -# -if test "$development_version" != yes; then - changequote(,)dnl - tmp_pat='[a-zA-Z]' - changequote([,])dnl - if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then - development_version=yes - fi -fi + if test "$development_version" = yes; then AC_DEFINE(IS_DEVELOPMENT_VERSION,1, [Defined if this is not a regular release]) @@ -1521,6 +1512,7 @@ AC_OUTPUT echo " GnuPG v${VERSION} has been configured as follows: + Revision: mym4_revision (mym4_revision_dec) Platform: $PRINTABLE_OS_NAME ($host) OpenPGP: $build_gpg commit 681338bfd344f6928e1e3037c948c46c2e589bd3 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Update docs from master. * doc/gpg-agent.texi: Update from master. * doc/gpg.texi: Ditto. * doc/gpgsm.texi: Ditto. * doc/gpl.texi: Ditto. * doc/yat2m.c: Ditto. -- (updated from commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 4c7f13f..dcd96fb 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -796,6 +796,14 @@ certificate is that it will be possible to use the same keypair for different protocols, thereby saving space on the token used to keep the secret keys. + at ifset gpgtwoone +The @command{gpg-agent} may send status messages during a command or when +returning from a command to inform a client about the progress or result of an +operation. For example, the @var{INQUIRE_MAXLEN} status message may be sent +during a server inquire to inform the client of the maximum usable length of +the inquired data (which should not be exceeded). + at end ifset + @menu * Agent PKDECRYPT:: Decrypting a session key * Agent PKSIGN:: Signing a Hash @@ -804,6 +812,10 @@ secret keys. * Agent EXPORT:: Exporting a Secret Key * Agent ISTRUSTED:: Importing a Root Certificate * Agent GET_PASSPHRASE:: Ask for a passphrase +* Agent CLEAR_PASSPHRASE:: Expire a cached passphrase + at ifset gpgtwoone +* Agent PRESET_PASSPHRASE:: Set a passphrase for a keygrip + at end ifset * Agent GET_CONFIRMATION:: Ask for confirmation * Agent HAVEKEY:: Check whether a key is available * Agent LEARN:: Register a smartcard @@ -972,7 +984,12 @@ option allows to choose the storage location. To get the secret key out of the PSE, a special export tool has to be used. @example + at ifset gpgtwoone + GENKEY [--no-protection] [--preset] [] + at end ifset + at ifclear gpgtwoone GENKEY + at end ifclear @end example Invokes the key generation process and the server will then inquire @@ -1017,6 +1034,13 @@ Here is an example session: S OK key created @end example + at ifset gpgtwoone +The @option{--no-protection} option may be used to prevent prompting for a +passphrase to protect the secret key while leaving the secret key unprotected. +The @option{--preset} option may be used to add the passphrase to the cache +using the default cache parameters. + at end ifset + @node Agent IMPORT @subsection Importing a Secret Key @@ -1173,6 +1197,52 @@ may be used to invalidate the cache entry for a passphrase. The function returns with OK even when there is no cached passphrase. + + at node Agent CLEAR_PASSPHRASE + at subsection Remove a cached passphrase + +Use this command to remove a cached passphrase. + + at example + at ifset gpgtwoone + CLEAR_PASSPHRASE [--mode=normal] + at end ifset + at ifclear gpgtwoone + CLEAR_PASSPHRASE + at end ifclear + at end example + + at ifset gpgtwoone +The @option{--mode=normal} option can be used to clear a @var{cache_id} that +was set by gpg-agent. + at end ifset + + + + at ifset gpgtwoone + at node Agent PRESET_PASSPHRASE + at subsection Set a passphrase for a keygrip + +This command adds a passphrase to the cache for the specified @var{keygrip}. + + at example + PRESET_PASSPHRASE [--inquire] [] + at end example + +The passphrase is a hexidecimal string when specified. When not specified, the +passphrase will be retrieved from the pinentry module unless the + at option{--inquire} option was specified in which case the passphrase will be +retrieved from the client. + +The @var{timeout} parameter keeps the passphrase cached for the specified +number of seconds. A value of @code{-1} means infinate while @code{0} means +the default (currently only a timeout of -1 is allowed, which means to never +expire it). + at end ifset + + + + @node Agent GET_CONFIRMATION @subsection Ask for confirmation @@ -1225,12 +1295,22 @@ option given the certificates are send back. @subsection Change a Passphrase @example + at ifset gpgtwoone + PASSWD [--cache-nonce=] [--passwd-nonce=] [--preset] @var{keygrip} + at end ifset + at ifclear gpgtwoone PASSWD @var{keygrip} + at end ifclear @end example This command is used to interactively change the passphrase of the key identified by the hex string @var{keygrip}. + at ifset gpgtwoone +The @option{--preset} option may be used to add the new passphrase to the +cache using the default cache parameters. + at end ifset + @node Agent UPDATESTARTUPTTY @subsection Change the standard display diff --git a/doc/gpg.texi b/doc/gpg.texi index 420326b..cec4581 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -388,7 +388,7 @@ safeguard against accidental deletion of multiple keys. @item --delete-secret-key @code{name} @opindex delete-secret-key -Remove key from the secret and public keyring. In batch mode the key +Remove key from the secret keyring. In batch mode the key must be specified by fingerprint. @item --delete-secret-and-public-key @code{name} @@ -1293,9 +1293,7 @@ encoded in the character set as specified by @option{--display-charset}. These options affect all following arguments. Both options may be used multiple times. - at ifset gpgone - at anchor{option --options} - at end ifset + at anchor{gpg-option --options} @item --options @code{file} @opindex options Read options from @code{file} and do not try to read them from the @@ -2418,7 +2416,7 @@ check. @code{value} may be any printable string; it will be encoded in UTF8, so you should check that your @option{--display-charset} is set correctly. If you prefix @code{name} with an exclamation mark (!), the notation data will be flagged as critical -(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data +(rfc4880:5.2.3.16). @option{--sig-notation} sets a notation for data signatures. @option{--cert-notation} sets a notation for key signatures (certifications). @option{--set-notation} sets both. @@ -2440,7 +2438,7 @@ meaningful when using the OpenPGP smartcard. @opindex sig-policy-url @opindex cert-policy-url @opindex set-policy-url -Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If +Use @code{string} as a Policy URL for signatures (rfc4880:5.2.3.20). If you prefix it with an exclamation mark (!), the policy URL packet will be flagged as critical. @option{--sig-policy-url} sets a policy url for data signatures. @option{--cert-policy-url} sets a policy url for key @@ -2611,6 +2609,26 @@ Note that this passphrase is only used if the option @option{--batch} has also been given. This is different from @command{gpg}. @end ifclear + at ifset gpgtwoone + at item --pinentry-mode @code{mode} + at opindex pinentry-mode +Set the pinentry mode to @code{mode}. Allowed values for @code{mode} +are: + at table @asis + @item default + Use the default of the agent, which is @code{ask}. + @item ask + Force the use of the Pinentry. + @item cancel + Emulate use of Pinentry's cancel button. + @item error + Return a Pinentry error (``No Pinentry''). + @item loopback + Redirect Pinentry queries to the caller. Note that in contrast to + Pinentry the user is not prompted again if he enters a bad password. + at end table + at end ifset + @item --command-fd @code{n} @opindex command-fd This is a replacement for the deprecated shared-memory IPC mode. @@ -2909,7 +2927,7 @@ current home directory (@pxref{option --homedir}). This is the standard configuration file read by @command{@gpgname} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default - name may be changed on the command line (@pxref{option --options}). + name may be changed on the command line (@pxref{gpg-option --options}). You should backup this file. @end table @@ -3290,21 +3308,23 @@ If you don't give any of them, no user ID is created. @item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y]) Set the expiration date for the key (and the subkey). It may either -be entered in ISO date format (2000-08-15) or as number of days, -weeks, month or years. The special notation "seconds=N" is also -allowed to directly give an Epoch value. Without a letter days are -assumed. Note that there is no check done on the overflow of the type -used by OpenPGP for timestamps. Thus you better make sure that the -given value make sense. Although OpenPGP works with time intervals, -GnuPG uses an absolute value internally and thus the last year we can -represent is 2105. +be entered in ISO date format (e.g. "20000815T145012") or as number of +days, weeks, month or years after the creation date. The special +notation "seconds=N" is also allowed to specify a number of seconds +since creation. Without a letter days are assumed. Note that there +is no check done on the overflow of the type used by OpenPGP for +timestamps. Thus you better make sure that the given value make +sense. Although OpenPGP works with time intervals, GnuPG uses an +absolute value internally and thus the last year we can represent is +2105. @item Ceation-Date: @var{iso-date} Set the creation date of the key as stored in the key information and which is also part of the fingerprint calculation. Either a date like "1986-04-26" or a full timestamp like "19860426T042640" may be used. -The time is considered to be UTC. If it is not given the current time -is used. +The time is considered to be UTC. The special notation "seconds=N" +may be used to directly specify a the number of seconds since Epoch +(Unix time). If it is not given the current time is used. @item Preferences: @var{string} Set the cipher, hash, and compression preference values for this key. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index bdb0378..6a84391 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -319,6 +319,7 @@ in the option file. @table @gnupgtabopt + at anchor{gpgsm-option --options} @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default @@ -760,8 +761,8 @@ current home directory (@pxref{option --homedir}). This is the standard configuration file read by @command{gpgsm} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default -name may be changed on the command line (@pxref{option - --options}). You should backup this file. +name may be changed on the command line (@pxref{gpgsm-option --options}). +You should backup this file. @item policies.txt diff --git a/doc/gpl.texi b/doc/gpl.texi index 7f9a48a..d13e9e4 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -228,7 +228,7 @@ terms of section 4, provided that you also meet all of these conditions: @enumerate a - at item + at item The work must carry prominent notices stating that you modified it, and giving a relevant date. @@ -659,12 +659,15 @@ an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + at end enumerate + @iftex @heading END OF TERMS AND CONDITIONS @end iftex @ifinfo @center END OF TERMS AND CONDITIONS @end ifinfo + @unnumberedsec How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest @@ -675,9 +678,11 @@ terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least -the ``copyright'' line and a pointer to where the full notice is found. - at smallexample - at var{one line to give the program's name and a brief idea of what it does.} +the ``copyright'' line and a pointer to where the full notice is +found. + + at example + at var{one line to give the program's name and a brief idea of what it does.} Copyright (C) @var{year} @var{name of author} This program is free software: you can redistribute it and/or modify @@ -692,17 +697,21 @@ General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see @url{http://www.gnu.org/licenses/}. - at end smallexample + at end example + at noindent Also add information on how to contact you by electronic and paper mail. + at noindent If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: @smallexample - at var{program} Copyright (C) @var{year} @var{name of author} -This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}. -This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details. + at var{program} Copyright (C) @var{year} @var{name of author} +This program comes with ABSOLUTELY NO WARRANTY; for details +type @samp{show w}. This is free software, and you are +welcome to redistribute it under certain conditions; +type @samp{show c} for details. @end smallexample The hypothetical commands @samp{show w} and @samp{show c} should show @@ -721,5 +730,3 @@ library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}. - - at end enumerate diff --git a/doc/yat2m.c b/doc/yat2m.c index a22176c..5dc81bf 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -414,7 +414,7 @@ static void start_page (char *name) { if (verbose) - inf ("starting page `%s'", name); + inf ("starting page '%s'", name); assert (!thepage.name); thepage.name = xstrdup (name); thepage.n_sections = 0; @@ -434,7 +434,7 @@ write_th (FILE *fp) p = strrchr (name, '.'); if (!p || !p[1]) { - err ("no section name in man page `%s'", thepage.name); + err ("no section name in man page '%s'", thepage.name); free (name); return -1; } @@ -591,7 +591,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, ignore_args = 1; /* Parameterized macros are not yet supported. */ } else - inf ("texinfo command `%s' not supported (%.*s)", command, + inf ("texinfo command '%s' not supported (%.*s)", command, ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } @@ -605,7 +605,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, i--; if (i) { - err ("closing brace for command `%s' not found", command); + err ("closing brace for command '%s' not found", command); return len; } if (n > 2 && !ignore_args) @@ -780,13 +780,13 @@ finish_page (void) return; /* No page active. */ if (verbose) - inf ("finishing page `%s'", thepage.name); + inf ("finishing page '%s'", thepage.name); if (opt_select) { if (!strcmp (opt_select, thepage.name)) { - inf ("selected `%s'", thepage.name ); + inf ("selected '%s'", thepage.name ); fp = stdout; } else @@ -798,10 +798,10 @@ finish_page (void) } else if (opt_store) { - inf ("writing `%s'", thepage.name ); + inf ("writing '%s'", thepage.name ); fp = fopen ( thepage.name, "w" ); if (!fp) - die ("failed to create `%s': %s\n", thepage.name, strerror (errno)); + die ("failed to create '%s': %s\n", thepage.name, strerror (errno)); } else fp = stdout; @@ -1162,7 +1162,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } if (!incfp) - err ("can't open include file `%s':%s", + err ("can't open include file '%s':%s", incname, strerror (errno)); else { commit e24e92d7e244edd578c0c1f0fba6e0070cb5f104 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Ignore obsolete option --disable-keypad. * scd/scdaemon.c (opts): Ignore --disable-keypad. -- The renaming of --disable-keypad to --disable-pinpad might mess up configuration files managed with a GUI. The GUI does not not anymore know about the old option and would allow the user to switch "disable-pinpad" on. However, a "disable-keypad" might still linger in the conf file with gpgconf not knowing about it. Thus the conf file would always be rejected and manual intervention would be required. Ignoring the old option nicely solves the problem. diff --git a/scd/scdaemon.c b/scd/scdaemon.c index c0dd975..5f64521 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -139,8 +139,11 @@ static ARGPARSE_OPTS opts[] = { /* end --disable-ccid */), ARGPARSE_s_u (oCardTimeout, "card-timeout", N_("|N|disconnect the card after N seconds of inactivity")), + ARGPARSE_s_n (oDisablePinpad, "disable-pinpad", N_("do not use a reader's pinpad")), + ARGPARSE_ignore (300, "disable-keypad"), + ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"), ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), commit 54c54e2824aab5716a187bbbf6dff8860d6a6056 Author: Werner Koch Date: Thu Apr 18 14:40:43 2013 +0200 Allow marking options as ignored. * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New. (ARGPARSE_TYPE_MASK): New, for internal use. (ARGPARSE_ignore): New. * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining constants by macros. (optfile_parse): Implement ARGPARSE_OPT_IGNORE. (arg_parse): Exclide ignore options from --dump-options. -- In addition to the ignore-invalid-option (commit 8ea49cf5) it is often useful to mark options in a configuration which as NOP. For example options which have no more function at all but can be expected to be found in existing conf files. Such an option (or command) may now be given as ARGPARSE_ignore (300, "obsolete-option") The 300 is merely used as a non-valid single option name much like group names or the 500+n values used for long options. Signed-off-by: Werner Koch diff --git a/jnlib/argparse.c b/jnlib/argparse.c index dab4bba..ea624e8 100644 --- a/jnlib/argparse.c +++ b/jnlib/argparse.c @@ -1,6 +1,7 @@ /* [argparse.c wk 17.06.97] Argument Parser for option handling * Copyright (C) 1998, 1999, 2000, 2001, 2006 * 2007, 2008, 2012 Free Software Foundation, Inc. + * Copyright (C) 1997, 2013 Werner Koch * * This file is part of JNLIB. * @@ -92,7 +93,8 @@ * 4 = takes ulong argument * Bit 3 : argument is optional (r_type will the be set to 0) * Bit 4 : allow 0x etc. prefixed values. - * Bit 7 : this is a command and not an option + * Bit 6 : Ignore this option + * Bit 7 : This is a command and not an option * You stop the option processing by setting opts to NULL, the function will * then return 0. * @Return Value @@ -116,6 +118,7 @@ * { 'o', "output", 2 }, * { 'c', "cross-ref", 2|8 }, * { 'm', "my-option", 1|8 }, + * { 300, "ignored-long-option, ARGPARSE_OP_IGNORE}, * { 500, "have-no-short-option-for-this-long-option", 0 }, * {0} }; * ARGPARSE_ARGS pargs = { &argc, &argv, 0 } @@ -418,7 +421,12 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } idx = i; arg->r_opt = opts[idx].short_opt; - if (!opts[idx].short_opt ) + if ((opts[idx].flags & ARGPARSE_OPT_IGNORE)) + { + state = i = 0; + continue; + } + else if (!opts[idx].short_opt ) { if (!strcmp (keyword, "ignore-invalid-option")) { @@ -436,9 +444,9 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, ? ARGPARSE_INVALID_COMMAND : ARGPARSE_INVALID_OPTION); } - else if (!(opts[idx].flags & 7)) + else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & 8) ) + else if ((opts[idx].flags & ARGPARSE_OPT_OPTIONAL) ) arg->r_type = 0; /* Arg is optional. */ else arg->r_opt = ARGPARSE_MISSING_ARG; @@ -450,9 +458,9 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, /* No argument found. */ if (in_alias) arg->r_opt = ARGPARSE_MISSING_ARG; - else if (!(opts[idx].flags & 7)) + else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & 8)) + else if ((opts[idx].flags & ARGPARSE_OPT_OPTIONAL)) arg->r_type = 0; /* No optional argument. */ else arg->r_opt = ARGPARSE_MISSING_ARG; @@ -488,7 +496,7 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } } } - else if (!(opts[idx].flags & 7)) + else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) arg->r_opt = ARGPARSE_UNEXPECTED_ARG; else { @@ -550,7 +558,11 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, break; idx = i; arg->r_opt = opts[idx].short_opt; - if (!opts[idx].short_opt) + if ((opts[idx].flags & ARGPARSE_OPT_IGNORE)) + { + state = 1; /* Process like a comment. */ + } + else if (!opts[idx].short_opt) { if (!strcmp (keyword, "alias")) { @@ -784,7 +796,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) { for (i=0; opts[i].short_opt; i++ ) { - if ( opts[i].long_opt ) + if (opts[i].long_opt && !(opts[i].flags & ARGPARSE_OPT_IGNORE)) printf ("--%s\n", opts[i].long_opt); } fputs ("--dump-options\n--help\n--version\n--warranty\n", stdout); @@ -802,7 +814,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->r_opt = opts[i].short_opt; if ( i < 0 ) ; - else if ( (opts[i].flags & 0x07) ) + else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) ) { if ( argpos ) { @@ -886,7 +898,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->internal.inarg++; /* Point to the next arg. */ arg->r.ret_str = s; } - else if ( (opts[i].flags & 7) ) + else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) ) { if ( s[1] && !dash_kludge ) { @@ -958,9 +970,9 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s) { - int base = (flags & 16)? 0 : 10; + int base = (flags & ARGPARSE_OPT_PREFIX)? 0 : 10; - switch ( (arg->r_type = (flags & 7)) ) + switch ( (arg->r_type = (flags & ARGPARSE_TYPE_MASK)) ) { case ARGPARSE_TYPE_INT: arg->r.ret_int = (int)strtol(s,NULL,base); diff --git a/jnlib/argparse.h b/jnlib/argparse.h index a4203b5..dd9b30b 100644 --- a/jnlib/argparse.h +++ b/jnlib/argparse.h @@ -24,12 +24,12 @@ #include "types.h" typedef struct -{ +{ int *argc; /* Pointer to ARGC (value subject to change). */ char ***argv; /* Pointer to ARGV (value subject to change). */ unsigned int flags; /* Global flags. May be set prior to calling the parser. The parser may change the value. */ - int err; /* Print error description for last option. + int err; /* Print error description for last option. Either 0, ARGPARSE_PRINT_WARNING or ARGPARSE_PRINT_ERROR. */ @@ -79,9 +79,12 @@ typedef struct #define ARGPARSE_TYPE_STRING 2 /* Takes a string argument. */ #define ARGPARSE_TYPE_LONG 3 /* Takes a long argument. */ #define ARGPARSE_TYPE_ULONG 4 /* Takes an unsigned long argument. */ -#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */ +#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */ #define ARGPARSE_OPT_PREFIX (1<<4) /* Allow 0x etc. prefixed values. */ -#define ARGPARSE_OPT_COMMAND (1<<8) /* The argument is a command. */ +#define ARGPARSE_OPT_IGNORE (1<<6) /* Ignore command or option. */ +#define ARGPARSE_OPT_COMMAND (1<<7) /* The argument is a command. */ + +#define ARGPARSE_TYPE_MASK 7 /* Mask for the type values (internal). */ /* A set of macros to make option definitions easier to read. */ #define ARGPARSE_x(s,l,t,f,d) \ @@ -148,9 +151,11 @@ typedef struct #define ARGPARSE_c(s,l,d) \ { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_COMMAND), (d) } +#define ARGPARSE_ignore(s,l) \ + { (s), (l), (ARGPARSE_OPT_IGNORE), "@" } #define ARGPARSE_group(s,d) \ - { (s), NULL, 0, (d) } + { (s), NULL, 0, (d) } #define ARGPARSE_end() { 0, NULL, 0, NULL } commit da0925973ef38e1ba82dbc19d829fb11677efc74 Author: Werner Koch Date: Thu Apr 5 20:32:42 2012 +0200 Do not mix test result with progress lines. This makes parsing of the results easier. Fixes bug#1400. * tests/openpgp/defs.inc (progress_cancel, progress_end) (progress_new): New. * tests/openpgp/conventional-mdc.test: Use progress functions * tests/openpgp/conventional.test: Ditto. * tests/openpgp/encrypt-dsa.test: Ditto. * tests/openpgp/encrypt.test: Ditto. * tests/openpgp/sigs.test: Ditto. -- The new output style is now: > MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 < PASS: sigs.test or if the test fails: > MD5 SHA1 sigs.test: ooops FAIL: sigs.test (cherry picked from commit f1e1387bee286c7434f0462185048872bcdb4484) diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test index a5e5c4e..15b525f 100755 --- a/tests/openpgp/conventional-mdc.test +++ b/tests/openpgp/conventional-mdc.test @@ -12,7 +12,7 @@ #info Checking conventional encryption for ciph in `all_cipher_algos`; do - echo_n "$ciph " + progress "$ciph" for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do # *BSD's dd can't cope with a count of 0 if test "$i" = "0"; then @@ -27,4 +27,5 @@ for ciph in `all_cipher_algos`; do cmp z y || error "$ciph/$i: mismatch" done done -echo_n "| " + +progress_end diff --git a/tests/openpgp/conventional.test b/tests/openpgp/conventional.test index 1464ee2..5028b29 100755 --- a/tests/openpgp/conventional.test +++ b/tests/openpgp/conventional.test @@ -18,7 +18,7 @@ for i in plain-2 data-32000 ; do done for a in `all_cipher_algos`; do - echo_n "$a " + progress "$a" for i in plain-1 data-80000 ; do echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ --cipher-algo $a -c -o x --yes $i @@ -26,4 +26,5 @@ for a in `all_cipher_algos`; do cmp $i y || error "$i: ($a) mismatch" done done -echo_n "| " + +progress_end diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index 12e1b80..b011549 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -42,18 +42,28 @@ LC_MESSAGES= # Internal use. defs_stop_on_error=no defs_error_seen=no +defs_progress_active=no #-------------------------------- #------ utility functions ------- #-------------------------------- +progress_cancel () { + if [ x$defs_progress_active = xyes ]; then + echo + defs_progress_active=no + fi +} + fatal () { + progress_cancel echo "$pgmname: fatal:" $* >&2 echo "$pgmname: fatal:" $* >&5 exit 1; } error () { + progress_cancel echo "$pgmname:" $* >&2 defs_error_seen=yes echo "$pgmname:" $* >&5 @@ -77,6 +87,7 @@ resume_error () { } info () { + progress_cancel echo "$pgmname:" $* >&2 if [ -n "${verbose+set}" ]; then echo "$pgmname:" $* >&5 @@ -87,7 +98,6 @@ linefeed () { echo >&2 } - echo_n_init=no echo_n () { if test "$echo_n_init" = "no"; then @@ -110,6 +120,23 @@ echo_n () { } +progress_end () { + if [ x$defs_progress_active = xyes ]; then + echo "<" + defs_progress_active=no + fi +} + +progress () { + if [ x$defs_progress_active != xyes ]; then + echo_n " > " + defs_progress_active=yes + fi + echo_n "$* " +} + + + #cleanup () { # rm $cleanup_files 2>/dev/null || true # echo "#empty" >./gpg.conf diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test index 01fe33a..320fbd8 100755 --- a/tests/openpgp/encrypt-dsa.test +++ b/tests/openpgp/encrypt-dsa.test @@ -18,7 +18,7 @@ for i in $plain_files $data_files ; do done for ca in `all_cipher_algos` ; do - echo_n "$ca " + progress "$ca" for i in $plain_files $data_files ; do $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i @@ -26,4 +26,5 @@ for ca in `all_cipher_algos` ; do cmp $i y || error "$i: mismatch" done done -echo_n "| " + +progress_end diff --git a/tests/openpgp/encrypt.test b/tests/openpgp/encrypt.test index c50c66c..5ef5196 100755 --- a/tests/openpgp/encrypt.test +++ b/tests/openpgp/encrypt.test @@ -17,6 +17,7 @@ for i in $plain_files $data_files ; do cmp $i y || error "$i: mismatch" done +echo_n " > " for ca in `all_cipher_algos` ; do echo_n "$ca " for i in $plain_files $data_files ; do @@ -25,4 +26,4 @@ for ca in `all_cipher_algos` ; do cmp $i y || error "$i: mismatch" done done -echo_n "| " +echo "<" diff --git a/tests/openpgp/sigs.test b/tests/openpgp/sigs.test index 86b0cdc..a4bf76c 100755 --- a/tests/openpgp/sigs.test +++ b/tests/openpgp/sigs.test @@ -17,7 +17,7 @@ for i in $plain_files $data_files; do done for da in `all_hash_algos` ; do - echo_n "$da " + progress "$da" # RSA key, so any hash is okay if have_pubkey_algo "RSA"; then @@ -42,4 +42,5 @@ for da in `all_hash_algos` ; do done fi done -echo_n "| " + +progress_end ----------------------------------------------------------------------- Summary of changes: NEWS | 21 +++++++- README | 12 ++++- README.maint | 4 ++ autogen.sh | 6 +- configure.ac | 56 ++++++++++------------- doc/gpg-agent.texi | 80 ++++++++++++++++++++++++++++++++ doc/gpg.texi | 54 +++++++++++++++------- doc/gpgsm.texi | 5 +- doc/gpl.texi | 27 +++++++---- doc/yat2m.c | 18 ++++---- g10/gpg.c | 87 +++++++++++++++++------------------ g10/sign.c | 6 +- jnlib/argparse.c | 38 ++++++++++----- jnlib/argparse.h | 15 ++++-- scd/scdaemon.c | 3 + scripts/git-log-fix | 4 +- tests/openpgp/conventional-mdc.test | 5 +- tests/openpgp/conventional.test | 5 +- tests/openpgp/defs.inc | 29 +++++++++++- tests/openpgp/encrypt-dsa.test | 5 +- tests/openpgp/encrypt.test | 3 +- tests/openpgp/sigs.test | 5 +- 22 files changed, 333 insertions(+), 155 deletions(-) create mode 100644 README.maint hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 22 21:06:46 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Apr 2013 21:06:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-210-g151b78c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 151b78cc26d728e9eb42620e0caf8c6f4bd7f839 (commit) from d6798d261cbe6519ef5b3ebb474e2ad348442c0c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 151b78cc26d728e9eb42620e0caf8c6f4bd7f839 Author: Werner Koch Date: Sat Dec 15 11:28:00 2012 +0100 Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" (cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1) Signed-off-by: Werner Koch diff --git a/g10/gpg.c b/g10/gpg.c index a19c9a7..a141164 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -40,6 +40,7 @@ #include "../common/iobuf.h" #include "util.h" #include "packet.h" +#include "membuf.h" #include "main.h" #include "options.h" #include "keydb.h" @@ -895,57 +896,53 @@ my_strusage( int level ) static char * -build_list( const char *text, char letter, - const char * (*mapf)(int), int (*chkf)(int) ) +build_list (const char *text, char letter, + const char * (*mapf)(int), int (*chkf)(int)) { - int i; - const char *s; - size_t n=strlen(text)+2; - char *list, *p, *line=NULL; - - if (maybe_setuid) - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - - for(i=0; i <= 110; i++ ) - if( !chkf(i) && (s=mapf(i)) ) - n += strlen(s) + 7 + 2; - list = xmalloc( 21 + n ); *list = 0; - for(p=NULL, i=0; i <= 110; i++ ) { - if( !chkf(i) && (s=mapf(i)) ) { - if( !p ) { - p = stpcpy( list, text ); - line=p; - } - else - p = stpcpy( p, ", "); + membuf_t mb; + int indent; + int i, j, len; + const char *s; + char *string; - if(strlen(line)>60) { - int spaces=strlen(text); + if (maybe_setuid) + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - list=xrealloc(list,n+spaces+1); - /* realloc could move the block, so find the end again */ - p=list; - while(*p) - p++; + indent = utf8_charcount (text); + len = 0; + init_membuf (&mb, 512); - p=stpcpy(p, "\n"); - line=p; - for(;spaces;spaces--) - p=stpcpy(p, " "); + for (i=0; i <= 110; i++ ) + { + if (!chkf (i) && (s = mapf (i))) + { + if (mb.len - len > 60) + { + put_membuf_str (&mb, ",\n"); + len = mb.len; + for (j=0; j < indent; j++) + put_membuf_str (&mb, " "); } + else if (mb.len) + put_membuf_str (&mb, ", "); + else + put_membuf_str (&mb, text); - p = stpcpy(p, s ); - if(opt.verbose && letter) - { - char num[8]; - sprintf(num," (%c%d)",letter,i); - p = stpcpy(p,num); - } + put_membuf_str (&mb, s); + if (opt.verbose && letter) + { + char num[20]; + snprintf (num, sizeof num, " (%c%d)", letter, i); + put_membuf_str (&mb, num); + } } } - if( p ) - p = stpcpy(p, "\n" ); - return list; + if (mb.len) + put_membuf_str (&mb, "\n"); + put_membuf (&mb, "", 1); + + string = get_membuf (&mb, NULL); + return xrealloc (string, strlen (string)+1); } ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 87 +++++++++++++++++++++++++++++------------------------------- 1 files changed, 42 insertions(+), 45 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 23 18:26:45 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 23 Apr 2013 18:26:45 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-110-g40ca002 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 40ca0022a7035ce5c3d715f36e0c70f310ea4c61 (commit) via a557a74615774b228dae14cf83a92ec26e2b03b5 (commit) from d6e37554d20a96a6bc85455626fff31157233080 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40ca0022a7035ce5c3d715f36e0c70f310ea4c61 Author: Werner Koch Date: Tue Apr 23 18:06:46 2013 +0200 w32: Almost everywhere include winsock2.h before windows.h. -- This is required by newer mingw toolchain versions which demand that winsock2.h is included before windows.h. Now, due to the use of socket definitions in pth.h we need to include winsock2.h also in pth.h, now pth.h is often included after an include of windows.h and thus the compiler spits out a warning. To avoid that we include winsock2.h at all places the compiler complains about. diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index 72de91b..8f6018b 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -38,7 +38,10 @@ #include /* for setmode() */ #endif #ifdef HAVE_W32_SYSTEM -#include /* To initialize the sockets. fixme */ +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include /* To initialize the sockets. fixme */ #endif #define JNLIB_NEED_LOG_LOGV @@ -49,14 +52,14 @@ #include "sysutils.h" -enum cmd_and_opt_values +enum cmd_and_opt_values { aNull = 0, oVerbose = 'v', oPassphrase = 'P', oPreset = 'c', oForget = 'f', - + oNoVerbose = 500, oHomedir, @@ -68,7 +71,7 @@ static const char *opt_homedir; static const char *opt_passphrase; static ARGPARSE_OPTS opts[] = { - + { 301, NULL, 0, N_("@Options:\n ") }, { oVerbose, "verbose", 0, "verbose" }, @@ -76,7 +79,7 @@ static ARGPARSE_OPTS opts[] = { { oPreset, "preset", 256, "preset passphrase"}, { oForget, "forget", 256, "forget passphrase"}, - { oHomedir, "homedir", 2, "@" }, + { oHomedir, "homedir", 2, "@" }, {0} }; @@ -94,14 +97,14 @@ my_strusage (int level) case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break; case 1: - case 40: + case 40: p = _("Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"); break; case 41: p = _("Syntax: gpg-preset-passphrase [options] KEYGRIP\n" "Password cache maintenance\n"); break; - + default: p = NULL; } return p; @@ -112,7 +115,7 @@ my_strusage (int level) /* Include the implementation of map_spwq_error. */ MAP_SPWQ_ERROR_IMPL - + static void preset_passphrase (const char *keygrip) @@ -210,7 +213,7 @@ main (int argc, char **argv) const char *keygrip = NULL; set_strusage (my_strusage); - log_set_prefix ("gpg-preset-passphrase", 1); + log_set_prefix ("gpg-preset-passphrase", 1); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -231,7 +234,7 @@ main (int argc, char **argv) case oPreset: cmd = oPreset; break; case oForget: cmd = oForget; break; case oPassphrase: opt_passphrase = pargs.r.ret_str; break; - + default : pargs.err = 2; break; } } diff --git a/agent/protect.c b/agent/protect.c index d6c9641..d4d7e00 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -28,6 +28,9 @@ #include #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #else # include @@ -83,7 +86,7 @@ calibrate_get_time (struct calibrate_time_s *data) &data->kernel_time, &data->user_time); #else struct tms tmp; - + times (&tmp); data->ticks = tmp.tms_utime; #endif @@ -94,12 +97,12 @@ static unsigned long calibrate_elapsed_time (struct calibrate_time_s *starttime) { struct calibrate_time_s stoptime; - + calibrate_get_time (&stoptime); #ifdef HAVE_W32_SYSTEM { unsigned long long t1, t2; - + t1 = (((unsigned long long)starttime->kernel_time.dwHighDateTime << 32) + starttime->kernel_time.dwLowDateTime); t1 += (((unsigned long long)starttime->user_time.dwHighDateTime << 32) @@ -136,7 +139,7 @@ calibrate_s2k_count_one (unsigned long count) /* Measure the time we need to do the hash operations and deduce an - S2K count which requires about 100ms of time. */ + S2K count which requires about 100ms of time. */ static unsigned long calibrate_s2k_count (void) { @@ -187,7 +190,7 @@ get_standard_s2k_count (void) /* Calculate the MIC for a private key S-Exp. SHA1HASH should point to a 20 byte buffer. This function is suitable for any algorithms. */ -static int +static int calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) { const unsigned char *hash_begin, *hash_end; @@ -200,16 +203,16 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "private-key")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); hash_begin = s; s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; /* skip over the algorithm name */ while (*s == '(') @@ -217,18 +220,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; if ( *s != ')' ) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s++; } if (*s != ')') - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s++; hash_end = s; @@ -251,7 +254,7 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) (d #046129F..[some bytes not shown]..81#) (p #00e861b..[some bytes not shown]..f1#) (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) + (u #304559a..[some bytes not shown]..9b#) the returned block is the S-Expression: @@ -259,7 +262,7 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) */ static int -do_encryption (const unsigned char *protbegin, size_t protlen, +do_encryption (const unsigned char *protbegin, size_t protlen, const char *passphrase, const unsigned char *sha1hash, unsigned char **result, size_t *resultlen) { @@ -312,14 +315,14 @@ do_encryption (const unsigned char *protbegin, size_t protlen, { unsigned char *key; size_t keylen = PROT_CIPHER_KEYLEN; - + key = gcry_malloc_secure (keylen); if (!key) rc = out_of_core (); else { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, - 3, iv+2*blklen, + 3, iv+2*blklen, get_standard_s2k_count (), key, keylen); if (!rc) rc = gcry_cipher_setkey (hd, key, keylen); @@ -339,7 +342,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen, p += 20; *p++ = ')'; *p++ = ')'; - memcpy (p, iv+blklen, blklen); + memcpy (p, iv+blklen, blklen); p += blklen; assert ( p - outbuf == outlen); rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0); @@ -357,7 +360,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen, (protected openpgp-s2k3-sha1-aes-cbc ((sha1 salt no_of_iterations) 16byte_iv) encrypted_octet_string) - + in canoncical format of course. We use asprintf and %n modifier and dummy values as placeholders. */ { @@ -367,7 +370,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen, p = xtryasprintf ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)", (int)strlen (modestr), modestr, - &saltpos, + &saltpos, (unsigned int)strlen (countbuf), countbuf, blklen, &ivpos, blklen, "", enclen, &encpos, enclen, ""); @@ -393,7 +396,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen, /* Protect the key encoded in canonical format in PLAINKEY. We assume a valid S-Exp here. */ -int +int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen) { @@ -424,9 +427,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "private-key")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); depth++; @@ -434,13 +437,13 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); for (infidx=0; protect_info[infidx].algo && !smatch (&s, n, protect_info[infidx].algo); infidx++) ; if (!protect_info[infidx].algo) - return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); prot_begin = prot_end = NULL; for (i=0; (c=protect_info[infidx].parmlist[i]); i++) @@ -453,23 +456,23 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (n != 1 || c != *s) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s +=n; /* skip value */ if (*s != ')') - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); depth--; if (i == protect_info[infidx].prot_to) prot_end = s; s++; } if (*s != ')' || !prot_begin || !prot_end ) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); depth--; hash_end = s; s++; @@ -481,10 +484,10 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, assert (!depth); real_end = s-1; - + /* Hash the stuff. Because the timestamp_exp won't get protected, we can't simply hash a continuous buffer but need to use several - md_writes. */ + md_writes. */ rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 ); if (rc) return rc; @@ -537,8 +540,8 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, /* Do the actual decryption and check the return list for consistency. */ static int -do_decryption (const unsigned char *protected, size_t protectedlen, - const char *passphrase, +do_decryption (const unsigned char *protected, size_t protectedlen, + const char *passphrase, const unsigned char *s2ksalt, unsigned long s2kcount, const unsigned char *iv, size_t ivlen, unsigned char **result) @@ -567,7 +570,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen, { unsigned char *key; size_t keylen = PROT_CIPHER_KEYLEN; - + key = gcry_malloc_secure (keylen); if (!key) rc = out_of_core (); @@ -615,7 +618,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen, calculation but then be removed. */ static int merge_lists (const unsigned char *protectedkey, - size_t replacepos, + size_t replacepos, const unsigned char *cleartext, unsigned char *sha1hash, unsigned char **result, size_t *resultlen, @@ -626,7 +629,7 @@ merge_lists (const unsigned char *protectedkey, const unsigned char *s; const unsigned char *startpos, *endpos; int i, rc; - + *result = NULL; *resultlen = 0; *cutoff = 0; @@ -689,7 +692,7 @@ merge_lists (const unsigned char *protectedkey, goto invalid_sexp; n = snext (&s); if (!smatch (&s, n, "sha1")) - goto invalid_sexp; + goto invalid_sexp; n = snext (&s); if (n != 20) goto invalid_sexp; @@ -702,7 +705,7 @@ merge_lists (const unsigned char *protectedkey, /* append the parameter list */ memcpy (p, startpos, endpos - startpos); p += endpos - startpos; - + /* Skip over the protected list element in the original list. */ s = protectedkey + replacepos; assert (*s == '('); @@ -740,7 +743,7 @@ merge_lists (const unsigned char *protectedkey, *cutoff = p - newlist; memcpy (p, startpos, endpos - startpos); p += endpos - startpos; - + /* ready */ *result = newlist; @@ -763,14 +766,14 @@ merge_lists (const unsigned char *protectedkey, /* Unprotect the key encoded in canonical format. We assume a valid S-Exp here. If a protected-at item is available, its value will be stored at protocted_at unless this is NULL. */ -int +int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, - gnupg_isotime_t protected_at, + gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen) { int rc; const unsigned char *s; - const unsigned char *protect_list; + const unsigned char *protect_list; size_t n; int infidx, i; unsigned char sha1hash[20], sha1hash2[20]; @@ -792,21 +795,21 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "protected-private-key")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); for (infidx=0; protect_info[infidx].algo && !smatch (&s, n, protect_info[infidx].algo); infidx++) ; if (!protect_info[infidx].algo) - return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); /* See wether we have a protected-at timestamp. */ @@ -841,7 +844,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, /* Now find the list with the protected information. Here is an example for such a list: - (protected openpgp-s2k3-sha1-aes-cbc + (protected openpgp-s2k3-sha1-aes-cbc ((sha1 ) ) ) */ @@ -854,7 +857,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (smatch (&s, n, "protected")) break; s += n; @@ -866,7 +869,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, /* found */ n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc")) return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); if (*s != '(' || s[1] != '(') @@ -874,7 +877,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, s += 2; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "sha1")) return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); n = snext (&s); @@ -890,7 +893,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, is nothing we should worry about */ if (s[n] != ')' ) return gpg_error (GPG_ERR_INV_SEXP); - + /* Old versions of gpg-agent used the funny floating point number in a byte encoding as specified by OpenPGP. However this is not needed and thus we now store it as a plain unsigned integer. We @@ -920,8 +923,8 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - + return gpg_error (GPG_ERR_INV_SEXP); + rc = do_decryption (s, n, passphrase, s2ksalt, s2kcount, iv, 16, @@ -995,7 +998,7 @@ agent_private_key_type (const unsigned char *privatekey) store this key in the caller provided buffer KEY. The caller must provide an HASHALGO, a valid S2KMODE (see rfc-2440) and depending on that mode an S2KSALT of 8 random bytes and an S2KCOUNT. - + Returns an error code on failure. */ static int hash_passphrase (const char *passphrase, int hashalgo, @@ -1015,7 +1018,7 @@ hash_passphrase (const char *passphrase, int hashalgo, return gpg_error (GPG_ERR_INV_VALUE); if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt) return gpg_error (GPG_ERR_INV_VALUE); - + rc = gcry_md_open (&md, hashalgo, GCRY_MD_FLAG_SECURE); if (rc) return rc; @@ -1049,7 +1052,7 @@ hash_passphrase (const char *passphrase, int hashalgo, } if (count < 8) gcry_md_write (md, s2ksalt, count); - else + else { gcry_md_write (md, s2ksalt, 8); count -= 8; @@ -1058,7 +1061,7 @@ hash_passphrase (const char *passphrase, int hashalgo, } else gcry_md_write (md, passphrase, pwlen); - + gcry_md_final (md); i = gcry_md_get_algo_dlen (hashalgo); if (i > keylen - used) @@ -1108,7 +1111,7 @@ make_shadow_info (const char *serialno, const char *idstring) S-expression is returned in an allocated buffer RESULT will point to. The input parameters are expected to be valid canonicalized S-expressions */ -int +int agent_shadow_key (const unsigned char *pubkey, const unsigned char *shadow_info, unsigned char **result) @@ -1130,16 +1133,16 @@ agent_shadow_key (const unsigned char *pubkey, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "public-key")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); depth++; s++; - n = snext (&s); + n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; /* skip over the algorithm name */ while (*s != ')') @@ -1149,15 +1152,15 @@ agent_shadow_key (const unsigned char *pubkey, depth++; s++; n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); s += n; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s +=n; /* skip value */ if (*s != ')') - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); depth--; s++; } @@ -1189,7 +1192,7 @@ agent_shadow_key (const unsigned char *pubkey, /* Parse a canonical encoded shadowed key and return a pointer to the inner list with the shadow_info */ -int +int agent_get_shadow_info (const unsigned char *shadowkey, unsigned char const **shadow_info) { @@ -1204,16 +1207,16 @@ agent_get_shadow_info (const unsigned char *shadowkey, s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "shadowed-private-key")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); depth++; s++; - n = snext (&s); + n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s += n; /* skip over the algorithm name */ for (;;) @@ -1225,24 +1228,24 @@ agent_get_shadow_info (const unsigned char *shadowkey, depth++; s++; n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); if (smatch (&s, n, "shadowed")) break; s += n; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); s +=n; /* skip value */ if (*s != ')') - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); depth--; s++; } /* Found the shadowed list, S points to the protocol */ n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); if (smatch (&s, n, "t1-v1")) { if (*s != '(') @@ -1262,7 +1265,7 @@ agent_get_shadow_info (const unsigned char *shadowkey, parameters addresses. If the serial number or the ID string is not required, NULL may be passed for them. */ gpg_error_t -parse_shadow_info (const unsigned char *shadow_info, +parse_shadow_info (const unsigned char *shadow_info, char **r_hexsn, char **r_idstr) { const unsigned char *s; @@ -1299,7 +1302,7 @@ parse_shadow_info (const unsigned char *shadow_info, } return gpg_error (GPG_ERR_INV_SEXP); } - + if (r_idstr) { *r_idstr = xtrymalloc (n+1); diff --git a/autogen.sh b/autogen.sh index 6001707..b81a6b2 100755 --- a/autogen.sh +++ b/autogen.sh @@ -84,7 +84,7 @@ if test "$1" = "--build-w32"; then fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} \ --enable-gpgtar \ --with-gpg-error-prefix=${w32root} \ diff --git a/common/estream.c b/common/estream.c index 3b6139e..9c781a0 100644 --- a/common/estream.c +++ b/common/estream.c @@ -79,6 +79,9 @@ #include #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #endif #ifdef HAVE_W32CE_SYSTEM diff --git a/common/homedir.c b/common/homedir.c index d0fc5c6..5adf46a 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -23,6 +23,9 @@ #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif #include #ifndef CSIDL_APPDATA #define CSIDL_APPDATA 0x001a @@ -97,7 +100,7 @@ standard_homedir (void) if (!dir) { char path[MAX_PATH]; - + /* It might be better to use LOCAL_APPDATA because this is defined as "non roaming" and thus more likely to be kept locally. For private keys this is desired. However, given @@ -105,13 +108,13 @@ standard_homedir (void) using a system roaming services might be better than to let them do it manually. A security conscious user will anyway use the registry entry to have better control. */ - if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, - NULL, 0, path) >= 0) + if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, + NULL, 0, path) >= 0) { char *tmp = xmalloc (strlen (path) + 6 +1); strcpy (stpcpy (tmp, path), "\\gnupg"); dir = tmp; - + /* Try to create the directory if it does not yet exists. */ if (access (dir, F_OK)) CreateDirectory (dir, NULL); @@ -137,7 +140,7 @@ default_homedir (void) if (!dir || !*dir) { static const char *saved_dir; - + if (!saved_dir) { if (!dir || !*dir) @@ -154,7 +157,7 @@ default_homedir (void) if (tmp) saved_dir = tmp; } - + if (!saved_dir) saved_dir = standard_homedir (); } @@ -191,7 +194,7 @@ w32_rootdir (void) else { log_debug ("bad filename `%s' returned for this process\n", dir); - *dir = 0; + *dir = 0; } } @@ -210,8 +213,8 @@ w32_commondir (void) { char path[MAX_PATH]; - if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, - NULL, 0, path) >= 0) + if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA, + NULL, 0, path) >= 0) { char *tmp = xmalloc (strlen (path) + 4 +1); strcpy (stpcpy (tmp, path), "\\GNU"); @@ -226,7 +229,7 @@ w32_commondir (void) dir = xstrdup (w32_rootdir ()); } } - + return dir; } #endif /*HAVE_W32_SYSTEM*/ @@ -388,42 +391,42 @@ gnupg_module_name (int which) strcpy (stpcpy (name, s), s2); \ } \ return name; \ - } while (0) + } while (0) switch (which) { case GNUPG_MODULE_NAME_AGENT: #ifdef GNUPG_DEFAULT_AGENT return GNUPG_DEFAULT_AGENT; -#else +#else X(bindir, "gpg-agent"); #endif - + case GNUPG_MODULE_NAME_PINENTRY: #ifdef GNUPG_DEFAULT_PINENTRY return GNUPG_DEFAULT_PINENTRY; -#else +#else X(bindir, "pinentry"); #endif case GNUPG_MODULE_NAME_SCDAEMON: #ifdef GNUPG_DEFAULT_SCDAEMON return GNUPG_DEFAULT_SCDAEMON; -#else +#else X(libexecdir, "scdaemon"); #endif case GNUPG_MODULE_NAME_DIRMNGR: #ifdef GNUPG_DEFAULT_DIRMNGR return GNUPG_DEFAULT_DIRMNGR; -#else +#else X(bindir, "dirmngr"); #endif case GNUPG_MODULE_NAME_PROTECT_TOOL: #ifdef GNUPG_DEFAULT_PROTECT_TOOL return GNUPG_DEFAULT_PROTECT_TOOL; -#else +#else X(libexecdir, "gpg-protect-tool"); #endif @@ -442,7 +445,7 @@ gnupg_module_name (int which) case GNUPG_MODULE_NAME_GPGCONF: X(bindir, "gpgconf"); - default: + default: BUG (); } #undef X diff --git a/common/http.c b/common/http.c index 49859fa..15d64c4 100644 --- a/common/http.c +++ b/common/http.c @@ -46,6 +46,9 @@ #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #else /*!HAVE_W32_SYSTEM*/ # include diff --git a/common/init.c b/common/init.c index 5425ace..7be8af0 100644 --- a/common/init.c +++ b/common/init.c @@ -25,9 +25,12 @@ #endif #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif #include #endif -#ifdef HAVE_PTH +#ifdef HAVE_PTH #include #endif @@ -46,7 +49,7 @@ void init_common_subsystems (void) { /* Try to auto set the character set. */ - set_native_charset (NULL); + set_native_charset (NULL); #ifdef HAVE_W32_SYSTEM /* For W32 we need to initialize the socket layer. This is because diff --git a/common/iobuf.c b/common/iobuf.c index 04b17ff..1a84f3f 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -30,6 +30,9 @@ #include #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #endif #ifdef __riscos__ @@ -43,7 +46,7 @@ /*-- Begin configurable part. --*/ -/* The size of the internal buffers. +/* The size of the internal buffers. NOTE: If you change this value you MUST also adjust the regression test "armored_key_8192" in armor.test! */ #define IOBUF_BUFFER_SIZE 8192 @@ -66,15 +69,15 @@ implementation. What we define here are 3 macros to make the appropriate calls: - my_fileno + my_fileno Is expanded to fileno(a) if using a stdion backend and to a if we are using the low-level backend. - my_fopen + my_fopen Is defined to fopen for the stdio backend and to direct_open if we are using the low-evel backend. - my_fopen_ro + my_fopen_ro Is defined to fopen for the stdio backend and to fd_cache_open if we are using the low-evel backend. @@ -117,7 +120,7 @@ typedef struct { fp_or_fd_t fp; /* Open file pointer or handle. */ - int keep_open; + int keep_open; int no_cache; int eof_seen; int print_only_name; /* Flags indicating that fname is not a real file. */ @@ -196,7 +199,7 @@ fd_cache_strcmp (const char *a, const char *b) #ifdef HAVE_DOSISH_SYSTEM for (; *a && *b; a++, b++) { - if (*a != *b && !((*a == '/' && *b == '\\') + if (*a != *b && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')) ) break; } @@ -353,7 +356,7 @@ direct_open (const char *fname, const char *mode) /* - * Instead of closing an FD we keep it open and cache it for later reuse + * Instead of closing an FD we keep it open and cache it for later reuse * Note that this caching strategy only works if the process does not chdir. */ static void @@ -477,13 +480,13 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf, { assert (size); /* We need a buffer. */ if (feof (f)) - { + { /* On terminals you could easily read as many EOFs as you call fread() or fgetc() repeatly. Every call will block until you press CTRL-D. So we catch this case before we call fread() again. */ - rc = -1; - *ret_len = 0; + rc = -1; + *ret_len = 0; } else { @@ -891,7 +894,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, /* log_debug("partial: ctx=%p c=%02x size=%u\n", a, c, a->size); */ } else - BUG (); + BUG (); } while (!rc && size && a->size) @@ -1506,7 +1509,7 @@ iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval) { /* keep system filepointer/descriptor open */ if (DBG_IOBUF) log_debug ("iobuf-%d.%d: ioctl `%s' keep=%d\n", - a ? a->no : -1, a ? a->subno : -1, + a ? a->no : -1, a ? a->subno : -1, a && a->desc ? a->desc : "?", intval); for (; a; a = a->chain) @@ -1543,7 +1546,7 @@ iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval) { /* disallow/allow caching */ if (DBG_IOBUF) log_debug ("iobuf-%d.%d: ioctl `%s' no_cache=%d\n", - a ? a->no : -1, a ? a->subno : -1, + a ? a->no : -1, a ? a->subno : -1, a && a->desc? a->desc : "?", intval); for (; a; a = a->chain) @@ -1663,7 +1666,7 @@ iobuf_push_filter2 (iobuf_t a, if (DBG_IOBUF) { - log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno, + log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno, a->desc?a->desc:"?"); print_chain (a); } @@ -2170,24 +2173,24 @@ iobuf_get_filelength (iobuf_t a, int *overflow) if (overflow) *overflow = 0; - - if ( a->directfp ) + + if ( a->directfp ) { FILE *fp = a->directfp; - + if ( !fstat(fileno(fp), &st) ) return st.st_size; log_error("fstat() failed: %s\n", strerror(errno) ); return 0; } - + /* Hmmm: file_filter may have already been removed */ for ( ; a; a = a->chain ) if ( !a->chain && a->filter == file_filter ) { file_filter_ctx_t *b = a->filter_ov; fp_or_fd_t fp = b->fp; - + #if defined(HAVE_W32_SYSTEM) && !defined(FILE_FILTER_USES_STDIO) ulong size; static int (* __stdcall get_file_size_ex) (void *handle, @@ -2197,7 +2200,7 @@ iobuf_get_filelength (iobuf_t a, int *overflow) if (!get_file_size_ex_initialized) { void *handle; - + handle = dlopen ("kernel32.dll", RTLD_LAZY); if (handle) { @@ -2207,21 +2210,21 @@ iobuf_get_filelength (iobuf_t a, int *overflow) } get_file_size_ex_initialized = 1; } - + if (get_file_size_ex) { /* This is a newer system with GetFileSizeEx; we use this then because it seem that GetFileSize won't return a proper error in case a file is larger than 4GB. */ LARGE_INTEGER exsize; - + if (get_file_size_ex (fp, &exsize)) { if (!exsize.u.HighPart) return exsize.u.LowPart; if (overflow) *overflow = 1; - return 0; + return 0; } } else @@ -2238,14 +2241,14 @@ iobuf_get_filelength (iobuf_t a, int *overflow) #endif break/*the for loop*/; } - + return 0; } /* Return the file descriptor of the underlying file or -1 if it is not available. */ -int +int iobuf_get_fd (iobuf_t a) { if (a->directfp) @@ -2518,7 +2521,7 @@ translate_file_handle (int fd, int for_write) # else { int x; - + (void)for_write; if (fd == 0) @@ -2551,13 +2554,13 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial) { for (;;) { - if (a->nofast || a->d.start >= a->d.len) + if (a->nofast || a->d.start >= a->d.len) { if (iobuf_readbyte (a) == -1) { break; } - } + } else { unsigned long count = a->d.len - a->d.start; @@ -2565,11 +2568,11 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial) a->d.start = a->d.len; } } - } + } else { unsigned long remaining = n; - while (remaining > 0) + while (remaining > 0) { if (a->nofast || a->d.start >= a->d.len) { @@ -2578,11 +2581,11 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial) break; } --remaining; - } - else + } + else { unsigned long count = a->d.len - a->d.start; - if (count > remaining) + if (count > remaining) { count = remaining; } diff --git a/common/sysutils.c b/common/sysutils.c index 8e0c75c..82bc81f 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -43,10 +43,15 @@ # include #endif #ifdef HAVE_W32_SYSTEM -# define WINVER 0x0500 /* Required for AllowSetForegroundWindow. */ +# ifndef WINVER +# define WINVER 0x0500 /* Required for AllowSetForegroundWindow. */ +# endif +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #endif -#ifdef HAVE_PTH +#ifdef HAVE_PTH # include #endif #include @@ -144,8 +149,8 @@ get_session_marker( size_t *rlen ) initialized = 1; /* Although this marker is guessable it is not easy to use * for a faked control packet because an attacker does not - * have enough control about the time the verification does - * take place. Of course, we can add just more random but + * have enough control about the time the verification does + * take place. Of course, we can add just more random but * than we need the random generator even for verification * tasks - which does not make sense. */ a = aa ^ (ulong)getpid(); @@ -260,7 +265,7 @@ gnupg_sleep (unsigned int seconds) the process will give up its timeslot. */ if (!seconds) { -# ifdef HAVE_W32_SYSTEM +# ifdef HAVE_W32_SYSTEM Sleep (0); # else sleep (0); @@ -269,7 +274,7 @@ gnupg_sleep (unsigned int seconds) pth_sleep (seconds); #else /* Fixme: make sure that a sleep won't wake up to early. */ -# ifdef HAVE_W32_SYSTEM +# ifdef HAVE_W32_SYSTEM Sleep (seconds*1000); # else sleep (seconds); @@ -291,7 +296,7 @@ translate_sys2libc_fd (gnupg_fd_t fd, int for_write) if (fd == GNUPG_INVALID_FD) return -1; - + /* Note that _open_osfhandle is currently defined to take and return a long. */ x = _open_osfhandle ((long)fd, for_write ? 1 : 0); @@ -414,7 +419,7 @@ gnupg_tmpfile (void) Must be called before we open any files! */ void gnupg_reopen_std (const char *pgmname) -{ +{ #if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM) struct stat statbuf; int did_stdin = 0; @@ -429,7 +434,7 @@ gnupg_reopen_std (const char *pgmname) else did_stdin = 2; } - + if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF) { if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO) @@ -478,13 +483,13 @@ gnupg_reopen_std (const char *pgmname) /* Hack required for Windows. */ -void +void gnupg_allow_set_foregound_window (pid_t pid) { if (!pid) log_info ("%s called with invalid pid %lu\n", "gnupg_allow_set_foregound_window", (unsigned long)pid); -#ifdef HAVE_W32_SYSTEM +#ifdef HAVE_W32_SYSTEM else if (!AllowSetForegroundWindow ((pid_t)pid == (pid_t)(-1)?ASFW_ANY:pid)) log_info ("AllowSetForegroundWindow(%lu) failed: %s\n", (unsigned long)pid, w32_strerror (-1)); diff --git a/common/ttyio.c b/common/ttyio.c index fc27407..e70a205 100644 --- a/common/ttyio.c +++ b/common/ttyio.c @@ -25,23 +25,26 @@ #include #include #ifdef HAVE_TCGETATTR -#include +# include #else -#ifdef HAVE_TERMIO_H -/* simulate termios with termio */ -#include -#define termios termio -#define tcsetattr ioctl -#define TCSAFLUSH TCSETAF -#define tcgetattr(A,B) ioctl(A,TCGETA,B) -#define HAVE_TCGETATTR -#endif +# ifdef HAVE_TERMIO_H + /* Simulate termios with termio. */ +# include +# define termios termio +# define tcsetattr ioctl +# define TCSAFLUSH TCSETAF +# define tcgetattr(A,B) ioctl(A,TCGETA,B) +# define HAVE_TCGETATTR +# endif #endif #ifdef _WIN32 /* use the odd Win32 functions */ -#include -#ifdef HAVE_TCGETATTR -#error mingw32 and termios -#endif +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include +# ifdef HAVE_TCGETATTR +# error mingw32 and termios +# endif #endif #include #include @@ -179,7 +182,7 @@ init_ttyfp(void) if (my_rl_init_stream) my_rl_init_stream (ttyfp); #endif - + #ifdef HAVE_TCGETATTR atexit( cleanup ); @@ -218,7 +221,7 @@ tty_printf( const char *fmt, ... ) va_start( arg_ptr, fmt ) ; #ifdef _WIN32 - { + { char *buf = NULL; int n; DWORD nwritten; @@ -226,7 +229,7 @@ tty_printf( const char *fmt, ... ) n = vasprintf(&buf, fmt, arg_ptr); if( !buf ) log_bug("vasprintf() failed\n"); - + if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) ) log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() ); if( n != nwritten ) @@ -265,7 +268,7 @@ tty_fprintf (FILE *fp, const char *fmt, ... ) va_start( arg_ptr, fmt ) ; #ifdef _WIN32 - { + { char *buf = NULL; int n; DWORD nwritten; @@ -273,7 +276,7 @@ tty_fprintf (FILE *fp, const char *fmt, ... ) n = vasprintf(&buf, fmt, arg_ptr); if( !buf ) log_bug("vasprintf() failed\n"); - + if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) ) log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() ); if( n != nwritten ) @@ -531,7 +534,7 @@ tty_get( const char *prompt ) { char *line; char *buf; - + if (!initialized) init_ttyfp(); diff --git a/g10/exec.c b/g10/exec.c index 6ab2479..331c5ec 100644 --- a/g10/exec.c +++ b/g10/exec.c @@ -17,7 +17,7 @@ * along with this program; if not, see . */ -/* +/* FIXME: We should replace most code in this module by our spawn implementation from common/exechelp.c. */ @@ -33,7 +33,10 @@ #include #endif #ifdef HAVE_DOSISH_SYSTEM -#include +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include #endif #include #include @@ -50,7 +53,7 @@ #include "exec.h" #ifdef NO_EXEC -int +int exec_write(struct exec_info **info,const char *program, const char *args_in,const char *name,int writeonly,int binary) { @@ -71,7 +74,7 @@ set_exec_path(const char *path) { return G10ERR_GENERAL; } /* This is a nicer system() for windows that waits for programs to return before returning control to the caller. I hate helpful computers. */ -static int +static int w32_system(const char *command) { PROCESS_INFORMATION pi; @@ -103,7 +106,7 @@ w32_system(const char *command) #endif /* Replaces current $PATH */ -int +int set_exec_path(const char *path) { char *p; @@ -126,7 +129,7 @@ set_exec_path(const char *path) } /* Makes a temp directory and filenames */ -static int +static int make_tempdir(struct exec_info *info) { char *tmp=opt.temp_dir,*namein=info->name,*nameout; @@ -208,7 +211,7 @@ make_tempdir(struct exec_info *info) /* Expands %i and %o in the args to the full temp files within the temp directory. */ -static int +static int expand_args(struct exec_info *info,const char *args_in) { const char *ch = args_in; @@ -297,7 +300,7 @@ expand_args(struct exec_info *info,const char *args_in) If there are args, but no tempfiles, then it's a fork/exec/pipe via shell -c. If there are tempfiles, then it's a system. */ -int +int exec_write(struct exec_info **info,const char *program, const char *args_in,const char *name,int writeonly,int binary) { @@ -599,7 +602,7 @@ exec_finish(struct exec_info *info) log_info(_("WARNING: unable to remove tempfile (%s) `%s': %s\n"), "in",info->tempfile_in,strerror(errno)); } - + if(info->tempfile_out) { if(unlink(info->tempfile_out)==-1) diff --git a/g10/gpg.c b/g10/gpg.c index b773099..ffe964e 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -31,7 +31,10 @@ #endif #include #ifdef HAVE_W32_SYSTEM -#include +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include #endif #define INCLUDED_BY_MAIN_MODULE 1 @@ -273,7 +276,7 @@ enum cmd_and_opt_values oS2KDigest, oS2KCipher, oS2KCount, - oSimpleSKChecksum, + oSimpleSKChecksum, oDisplayCharset, oNotDashEscaped, oEscapeFrom, @@ -302,7 +305,7 @@ enum cmd_and_opt_values oNoAllowNonSelfsignedUID, oAllowFreeformUID, oNoAllowFreeformUID, - oAllowSecretKeyImport, + oAllowSecretKeyImport, oEnableSpecialFilenames, oNoLiteral, oSetFilesize, @@ -392,7 +395,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), - ARGPARSE_c (aDeleteKeys,"delete-keys", + ARGPARSE_c (aDeleteKeys,"delete-keys", N_("remove keys from the public keyring")), ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys", N_("remove keys from the secret keyring")), @@ -405,9 +408,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aExport, "export" , N_("export keys") ), ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ), ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ), - ARGPARSE_c (aSearchKeys, "search-keys" , + ARGPARSE_c (aSearchKeys, "search-keys" , N_("search for keys on a key server") ), - ARGPARSE_c (aRefreshKeys, "refresh-keys", + ARGPARSE_c (aRefreshKeys, "refresh-keys", N_("update all keys from a keyserver")), ARGPARSE_c (aLocateKeys, "locate-keys", "@"), ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ), @@ -596,7 +599,7 @@ static ARGPARSE_OPTS opts[] = { /* More hidden commands and options. */ ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */ ARGPARSE_c (aListTrustDB, "list-trustdb", "@"), - /* Not yet used: + /* Not yet used: ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */ ARGPARSE_c (aDeleteSecretAndPublicKeys, "delete-secret-and-public-keys", "@"), @@ -620,8 +623,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoArmor, "no-armour", "@"), ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"), ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"), - ARGPARSE_s_n (oNoOptions, "no-options", "@"), - ARGPARSE_s_s (oHomedir, "homedir", "@"), + ARGPARSE_s_n (oNoOptions, "no-options", "@"), + ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_n (oNoBatch, "no-batch", "@"), ARGPARSE_s_n (oWithColons, "with-colons", "@"), ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"), @@ -732,8 +735,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"), ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"), ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"), - - ARGPARSE_s_n (oAllowMultisigVerification, + + ARGPARSE_s_n (oAllowMultisigVerification, "allow-multisig-verification", "@"), ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"), ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), @@ -788,7 +791,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*)) { const char *s; char *result; - + if (maybe_setuid) { gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ @@ -858,14 +861,14 @@ my_strusage( int level ) break; case 35: if( !ciphers ) - ciphers = build_list(_("Cipher: "), 'S', + ciphers = build_list(_("Cipher: "), 'S', openpgp_cipher_algo_name, openpgp_cipher_test_algo ); p = ciphers; break; case 36: if( !digests ) - digests = build_list(_("Hash: "), 'H', + digests = build_list(_("Hash: "), 'H', gcry_md_algo_name, openpgp_md_test_algo ); p = digests; @@ -961,7 +964,7 @@ static void set_opt_session_env (const char *name, const char *value) { gpg_error_t err; - + err = session_env_setenv (opt.session_env, name, value); if (err) log_fatal ("error setting session environment: %s\n", @@ -995,7 +998,7 @@ set_debug (const char *level) /* Unless the "guru" string has been used we don't want to allow hashing debugging. The rationale is that people tend to select the highest debug value and would then clutter their - disk with debug files which may reveal confidential data. */ + disk with debug files which may reveal confidential data. */ if (numok) opt.debug &= ~(DBG_HASHING_VALUE); } @@ -1019,17 +1022,17 @@ set_debug (const char *level) if (opt.debug) log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s\n", - (opt.debug & DBG_PACKET_VALUE )? " packet":"", - (opt.debug & DBG_MPI_VALUE )? " mpi":"", - (opt.debug & DBG_CIPHER_VALUE )? " cipher":"", - (opt.debug & DBG_FILTER_VALUE )? " filter":"", - (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"", - (opt.debug & DBG_MEMORY_VALUE )? " memory":"", - (opt.debug & DBG_CACHE_VALUE )? " cache":"", - (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", - (opt.debug & DBG_TRUST_VALUE )? " trust":"", - (opt.debug & DBG_HASHING_VALUE)? " hashing":"", - (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", + (opt.debug & DBG_PACKET_VALUE )? " packet":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CIPHER_VALUE )? " cipher":"", + (opt.debug & DBG_FILTER_VALUE )? " filter":"", + (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_TRUST_VALUE )? " trust":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } @@ -1092,7 +1095,7 @@ open_info_file (const char *fname, int for_write, int binary) (void)for_write; (void)binary; return -1; -#else +#else int fd; if (binary) @@ -1118,7 +1121,7 @@ open_info_file (const char *fname, int for_write, int binary) if ( fd == -1) log_error ( for_write? _("can't create `%s': %s\n") : _("can't open `%s': %s\n"), fname, strerror(errno)); - + return fd; #endif } @@ -1559,7 +1562,7 @@ list_config(char *items) printf("\n"); any=1; } - + if(show_all || ascii_strcasecmp(name,"compress")==0) { printf("cfg:compress:"); @@ -1824,7 +1827,7 @@ get_default_configname (void) if (configname) { char *tok; - + xfree (configname); configname = NULL; @@ -1835,13 +1838,13 @@ get_default_configname (void) else break; } - + configname = make_filename (opt.homedir, name, NULL); } while (access (configname, R_OK)); xfree(name); - + if (! configname) configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL); if (! access (configname, R_OK)) @@ -2048,7 +2051,7 @@ main (int argc, char **argv) /* Initialize the secure memory. */ if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0)) - got_secmem = 1; + got_secmem = 1; #if defined(HAVE_GETUID) && defined(HAVE_GETEUID) /* There should be no way to get to this spot while still carrying setuid privs. Just in case, bomb out if we are. */ @@ -2065,7 +2068,7 @@ main (int argc, char **argv) malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - + /* Try for a version specific config file first */ default_configname = get_default_configname (); @@ -2125,55 +2128,55 @@ main (int argc, char **argv) { switch( pargs.r_opt ) { - case aCheckKeys: + case aCheckKeys: case aListConfig: case aGPGConfList: case aGPGConfTest: case aListPackets: - case aImport: - case aFastImport: - case aSendKeys: - case aRecvKeys: + case aImport: + case aFastImport: + case aSendKeys: + case aRecvKeys: case aSearchKeys: case aRefreshKeys: case aFetchKeys: - case aExport: + case aExport: #ifdef ENABLE_CARD_SUPPORT case aCardStatus: - case aCardEdit: + case aCardEdit: case aChangePIN: #endif /* ENABLE_CARD_SUPPORT*/ - case aListKeys: + case aListKeys: case aLocateKeys: - case aListSigs: - case aExportSecret: - case aExportSecretSub: + case aListSigs: + case aExportSecret: + case aExportSecretSub: case aSym: - case aClearsign: - case aGenRevoke: - case aDesigRevoke: - case aPrimegen: + case aClearsign: + case aGenRevoke: + case aDesigRevoke: + case aPrimegen: case aGenRandom: case aPrintMD: - case aPrintMDs: - case aListTrustDB: + case aPrintMDs: + case aListTrustDB: case aCheckTrustDB: - case aUpdateTrustDB: - case aFixTrustDB: - case aListTrustPath: - case aDeArmor: - case aEnArmor: - case aSign: - case aSignKey: + case aUpdateTrustDB: + case aFixTrustDB: + case aListTrustPath: + case aDeArmor: + case aEnArmor: + case aSign: + case aSignKey: case aLSignKey: - case aStore: - case aExportOwnerTrust: - case aImportOwnerTrust: + case aStore: + case aExportOwnerTrust: + case aImportOwnerTrust: case aRebuildKeydbCaches: set_cmd (&cmd, pargs.r_opt); break; - case aKeygen: + case aKeygen: case aEditKey: case aDeleteSecretKeys: case aDeleteSecretAndPublicKeys: @@ -2223,7 +2226,7 @@ main (int argc, char **argv) case oNoUseAgent: obsolete_option (configname, configlineno, "--no-use-agent"); break; - case oGpgAgentInfo: + case oGpgAgentInfo: obsolete_option (configname, configlineno, "--gpg-agent-info"); break; @@ -2286,12 +2289,12 @@ main (int argc, char **argv) case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; case oNoGreeting: nogreeting = 1; break; - case oNoVerbose: + case oNoVerbose: opt.verbose = 0; gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); opt.list_sigs=0; break; - case oQuickRandom: + case oQuickRandom: gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); break; case oEmitVersion: opt.no_version=0; break; @@ -2321,12 +2324,12 @@ main (int argc, char **argv) case oWithColons: opt.with_colons=':'; break; case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/ - case oWithSigList: opt.list_sigs = 1; break; + case oWithSigList: opt.list_sigs = 1; break; case oSkipVerify: opt.skip_verify=1; break; - case oSkipHiddenRecipients: - case oNoSkipHiddenRecipients: + case oSkipHiddenRecipients: + case oNoSkipHiddenRecipients: /* Dummies for options to be used in 2.1. */ break; @@ -2574,7 +2577,7 @@ main (int argc, char **argv) case oCommandFile: opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1); break; - case oCipherAlgo: + case oCipherAlgo: def_cipher_string = xstrdup(pargs.r.ret_str); break; case oDigestAlgo: @@ -2604,12 +2607,12 @@ main (int argc, char **argv) compress_algo_string = xstrdup(pargs.r.ret_str); } break; - case oCertDigestAlgo: + case oCertDigestAlgo: cert_digest_string = xstrdup(pargs.r.ret_str); break; - case oNoSecmemWarn: - gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); + case oNoSecmemWarn: + gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); break; case oRequireSecmem: require_secmem=1; break; @@ -2882,8 +2885,8 @@ main (int argc, char **argv) } break; - case oStrict: - case oNoStrict: + case oStrict: + case oNoStrict: /* Not used */ break; @@ -2908,8 +2911,8 @@ main (int argc, char **argv) opt.exit_on_status_write_error = 1; break; - case oLimitCardInsertTries: - opt.limit_card_insert_tries = pargs.r.ret_int; + case oLimitCardInsertTries: + opt.limit_card_insert_tries = pargs.r.ret_int; break; case oRequireCrossCert: opt.flags.require_cross_cert=1; break; @@ -2943,7 +2946,7 @@ main (int argc, char **argv) case oNoop: break; - default: + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; } @@ -3350,12 +3353,12 @@ main (int argc, char **argv) avoid adding the secret keyring for a couple of commands to avoid unneeded access in case the secrings are stored on a floppy. - + We always need to add the keyrings if we are running under SELinux, this is so that the rings are added to the list of secured files. */ - if( ALWAYS_ADD_KEYRINGS - || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) ) + if( ALWAYS_ADD_KEYRINGS + || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) ) { if (ALWAYS_ADD_KEYRINGS || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys @@ -3405,11 +3408,11 @@ main (int argc, char **argv) switch (cmd) { - case aStore: - case aSym: - case aSign: - case aSignSym: - case aClearsign: + case aStore: + case aSym: + case aSign: + case aSignSym: + case aClearsign: if (!opt.quiet && any_explicit_recipient) log_info (_("WARNING: recipients (-r) given " "without using public key encryption\n")); @@ -3579,7 +3582,7 @@ main (int argc, char **argv) log_error("decrypt_message failed: %s\n", g10_errstr(rc) ); } break; - + case aSignKey: if( argc != 1 ) wrong_args(_("--sign-key user-id")); @@ -3951,7 +3954,7 @@ main (int argc, char **argv) wrong_args("--import-ownertrust [file]"); import_ownertrust( argc? *argv:NULL ); break; - + case aRebuildKeydbCaches: if (argc) wrong_args ("--rebuild-keydb-caches"); @@ -4064,7 +4067,7 @@ g10_exit( int rc ) gcry_control (GCRYCTL_DUMP_SECMEM_STATS ); emergency_cleanup (); - + rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0; exit (rc); } @@ -4158,12 +4161,12 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname ) { int i, n; const byte *p; - + if ( fname ) { for (p = fname; *p; p++ ) { if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' ) printf("%%%02X", *p ); - else + else putchar( *p ); } } @@ -4171,7 +4174,7 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname ) printf("%d:", algo ); p = gcry_md_read (md, algo); n = gcry_md_get_algo_dlen (algo); - for(i=0; i < n ; i++, p++ ) + for(i=0; i < n ; i++, p++ ) printf("%02X", *p ); putchar(':'); putchar('\n'); @@ -4229,7 +4232,7 @@ print_mds( const char *fname, int algo ) else { gcry_md_final (md); if ( opt.with_colons ) { - if ( algo ) + if ( algo ) print_hashline( md, algo, fname ); else { print_hashline( md, GCRY_MD_MD5, fname ); @@ -4328,7 +4331,7 @@ add_policy_url( const char *string, int which ) sl=add_to_strlist( &opt.sig_policy_url, string ); if(critical) - sl->flags |= 1; + sl->flags |= 1; } static void @@ -4361,5 +4364,5 @@ add_keyserver_url( const char *string, int which ) sl=add_to_strlist( &opt.sig_keyserver_url, string ); if(critical) - sl->flags |= 1; + sl->flags |= 1; } diff --git a/g10/misc.c b/g10/misc.c index 1a937f1..6e9b31e 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -40,6 +40,9 @@ #ifdef HAVE_W32_SYSTEM #include #include +#ifdef HAVE_WINSOCK2_H +# include +#endif #include #include #ifndef CSIDL_APPDATA diff --git a/g10/photoid.c b/g10/photoid.c index 37156f2..615837e 100644 --- a/g10/photoid.c +++ b/g10/photoid.c @@ -21,7 +21,10 @@ #include #include #include -#ifdef _WIN32 +#ifdef _WIN32 +# ifdef HAVE_WINSOCK2_H +# include +# endif # include # ifndef VER_PLATFORM_WIN32_WINDOWS # define VER_PLATFORM_WIN32_WINDOWS 1 @@ -121,7 +124,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name) continue; } - + len=iobuf_get_filelength(file, &overflow); if(len>6144 || overflow) { diff --git a/jnlib/stringhelp.c b/jnlib/stringhelp.c index 3173ebc..c43b120 100644 --- a/jnlib/stringhelp.c +++ b/jnlib/stringhelp.c @@ -30,6 +30,9 @@ #include #include #ifdef HAVE_W32_SYSTEM +# ifdef HAVE_WINSOCK2_H +# include +# endif # include #endif @@ -230,7 +233,7 @@ length_sans_trailing_chars (const unsigned char *line, size_t len, { const unsigned char *p, *mark; size_t n; - + for( mark=NULL, p=line, n=0; n < len; n++, p++ ) { if (strchr (trimchars, *p )) @@ -241,8 +244,8 @@ length_sans_trailing_chars (const unsigned char *line, size_t len, else mark = NULL; } - - if (mark) + + if (mark) return mark - line; return len; } @@ -355,16 +358,16 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) { const char *argv[32]; int argc; - size_t n; + size_t n; int skip = 1; char *home_buffer = NULL; - char *name, *home, *p; - - n = strlen (first_part) + 1; + char *name, *home, *p; + + n = strlen (first_part) + 1; argc = 0; - while ( (argv[argc] = va_arg (arg_ptr, const char *)) ) + while ( (argv[argc] = va_arg (arg_ptr, const char *)) ) { - n += strlen (argv[argc]) + 1; + n += strlen (argv[argc]) + 1; if (argc >= DIM (argv)-1) { if (xmode) @@ -372,11 +375,11 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) errno = EINVAL; return NULL; } - argc++; + argc++; } n++; - - home = NULL; + + home = NULL; if (*first_part == '~') { if (first_part[1] == '/' || !first_part[1]) @@ -386,13 +389,13 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) if (!home) home = home_buffer = get_pwdir (xmode, NULL); if (home && *home) - n += strlen (home); + n += strlen (home); } else { /* This is the "~username/" or "~username" case. */ char *user; - + if (xmode) user = jnlib_xstrdup (first_part+1); else @@ -405,7 +408,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) if (p) *p = 0; skip = 1 + strlen (user); - + home = home_buffer = get_pwdir (xmode, user); jnlib_free (user); if (home) @@ -426,7 +429,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) return NULL; } } - + if (home) p = stpcpy (stpcpy (name, home), first_part + skip); else @@ -481,9 +484,9 @@ int compare_filenames (const char *a, const char *b) { #ifdef HAVE_DRIVE_LETTERS - for ( ; *a && *b; a++, b++ ) + for ( ; *a && *b; a++, b++ ) { - if (*a != *b + if (*a != *b && (toupper (*(const unsigned char*)a) != toupper (*(const unsigned char*)b) ) && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/'))) @@ -492,7 +495,7 @@ compare_filenames (const char *a, const char *b) if ((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')) return 0; else - return (toupper (*(const unsigned char*)a) + return (toupper (*(const unsigned char*)a) - toupper (*(const unsigned char*)b)); #else return strcmp(a,b); @@ -531,7 +534,7 @@ hextobyte (const char *s) /* Print a BUFFER to stream FP while replacing all control characters and the characters DELIM and DELIM2 with standard C escape sequences. Returns the number of characters printed. */ -size_t +size_t print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length, int delim, int delim2) { @@ -540,9 +543,9 @@ print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length, for (; length; length--, p++, count++) { - if (*p < 0x20 + if (*p < 0x20 || *p == 0x7f - || *p == delim + || *p == delim || *p == delim2 || ((delim || delim2) && *p=='\\')) { @@ -595,7 +598,7 @@ print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length, } /* Same as print_sanitized_buffer2 but with just one delimiter. */ -size_t +size_t print_sanitized_buffer (FILE *fp, const void *buffer, size_t length, int delim) { @@ -603,7 +606,7 @@ print_sanitized_buffer (FILE *fp, const void *buffer, size_t length, } -size_t +size_t print_sanitized_utf8_buffer (FILE *fp, const void *buffer, size_t length, int delim) { @@ -611,7 +614,7 @@ print_sanitized_utf8_buffer (FILE *fp, const void *buffer, size_t i; /* We can handle plain ascii simpler, so check for it first. */ - for (i=0; i < length; i++ ) + for (i=0; i < length; i++ ) { if ( (p[i] & 0x80) ) break; @@ -630,20 +633,20 @@ print_sanitized_utf8_buffer (FILE *fp, const void *buffer, } -size_t +size_t print_sanitized_string2 (FILE *fp, const char *string, int delim, int delim2) { return string? print_sanitized_buffer2 (fp, string, strlen (string), delim, delim2):0; } -size_t +size_t print_sanitized_string (FILE *fp, const char *string, int delim) { return string? print_sanitized_buffer (fp, string, strlen (string), delim):0; } -size_t +size_t print_sanitized_utf8_string (FILE *fp, const char *string, int delim) { return string? print_sanitized_utf8_buffer (fp, @@ -663,7 +666,7 @@ sanitize_buffer (const void *p_arg, size_t n, int delim) char *buffer, *d; /* First count length. */ - for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ ) + for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ ) { if ( *p < 0x20 || *p == 0x7f || *p == delim || (delim && *p=='\\')) { @@ -735,13 +738,13 @@ const char * w32_strerror (int ec) { static char strerr[256]; - + if (ec == -1) ec = (int)GetLastError (); FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, ec, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), strerr, DIM (strerr)-1, NULL); - return strerr; + return strerr; } #endif /*HAVE_W32_SYSTEM*/ @@ -762,7 +765,7 @@ ascii_islower (int c) return c >= 'a' && c <= 'z'; } -int +int ascii_toupper (int c) { if (c >= 'a' && c <= 'z') @@ -770,7 +773,7 @@ ascii_toupper (int c) return c; } -int +int ascii_tolower (int c) { if (c >= 'A' && c <= 'Z') @@ -792,7 +795,7 @@ ascii_strcasecmp( const char *a, const char *b ) return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b)); } -int +int ascii_strncasecmp (const char *a, const char *b, size_t n) { const unsigned char *p1 = (const unsigned char *)a; @@ -814,7 +817,7 @@ ascii_strncasecmp (const char *a, const char *b, size_t n) ++p2; } while (c1 == c2); - + return c1 - c2; } @@ -860,7 +863,7 @@ ascii_memcasemem (const void *haystack, size_t nhaystack, { const char *a = haystack; const char *b = a + nhaystack - nneedle; - + for (; a <= b; a++) { if ( !ascii_memcasecmp (a, needle, nneedle) ) diff --git a/jnlib/w32-gettext.c b/jnlib/w32-gettext.c index 834b2aa..14cb1e1 100644 --- a/jnlib/w32-gettext.c +++ b/jnlib/w32-gettext.c @@ -6,12 +6,12 @@ modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, see . */ @@ -32,6 +32,9 @@ #include #include #include +#ifdef HAVE_WINSOCK2_H +# include +#endif #include #ifdef JNLIB_IN_JNLIB @@ -595,8 +598,8 @@ #ifndef SUBLANG_UZBEK_CYRILLIC #define SUBLANG_UZBEK_CYRILLIC 0x02 #endif - -/* Return an XPG style locale name + +/* Return an XPG style locale name language[_territory[.codeset]][@modifier]. Don't even bother determining the codeset; it's not useful in this context, because message catalogs are not specific to a single @@ -1034,7 +1037,7 @@ hash_string( const char *str_param ) { unsigned long int hval, g; const char *str = str_param; - + hval = 0; while (*str != '\0') { @@ -1158,7 +1161,7 @@ free_domain (struct loaded_domain *domain) jnlib_free (domain); } - + static struct loaded_domain * load_domain (const char *filename) { @@ -1169,7 +1172,7 @@ load_domain (const char *filename) struct loaded_domain *domain = NULL; size_t to_read; char *read_ptr; - + fp = fopen (filename, "rb"); if (!fp) return NULL; @@ -1225,7 +1228,7 @@ load_domain (const char *filename) domain->data = (char *) data; domain->data_native = (char *) data + size; domain->must_swap = data->magic != MAGIC; - + /* Fill in the information about the available tables. */ switch (SWAPIT (domain->must_swap, data->revision)) { @@ -1276,7 +1279,7 @@ utf8_to_wchar (const char *string, size_t length, size_t *retlen) return NULL; nbytes = (size_t)(n+1) * sizeof(*result); - if (nbytes / sizeof(*result) != (n+1)) + if (nbytes / sizeof(*result) != (n+1)) { errno = ENOMEM; return NULL; @@ -1465,17 +1468,17 @@ get_string (struct loaded_domain *domain, uint32_t idx, + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset)); translen = SWAPIT(domain->must_swap, domain->trans_tab[idx].length); } - else if (!domain->mapped[idx]) + else if (!domain->mapped[idx]) { /* Not yet mapped. Map from utf-8 to native encoding now. */ const char *p_utf8; size_t plen_utf8, buflen; char *buf; - p_utf8 = (domain->data + p_utf8 = (domain->data + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset)); plen_utf8 = SWAPIT(domain->must_swap, domain->trans_tab[idx].length); - + buf = utf8_to_native (p_utf8, plen_utf8, &buflen); if (!buf) { @@ -1487,7 +1490,7 @@ get_string (struct loaded_domain *domain, uint32_t idx, /* Copy into the DATA_NATIVE area. */ char *p_tmp; - p_tmp = (domain->data_native + p_tmp = (domain->data_native + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset)); memcpy (p_tmp, buf, buflen); domain->mapped[idx] = buflen; @@ -1523,7 +1526,7 @@ get_string (struct loaded_domain *domain, uint32_t idx, } jnlib_free (buf); } - else if (domain->mapped[idx] == 1) + else if (domain->mapped[idx] == 1) { /* The translated string is in the overflow_space. */ for (os=domain->overflow_space; os; os = os->next) @@ -1540,8 +1543,8 @@ get_string (struct loaded_domain *domain, uint32_t idx, translen = 0; } } - else - { + else + { trans = (domain->data_native + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset)); translen = domain->mapped[idx]; @@ -1559,7 +1562,7 @@ do_gettext (const char *msgid, const char *msgid2, unsigned long nplural) { struct loaded_domain *domain; uint32_t top, bottom, nstr; - + if (!(domain = the_domain)) goto not_found; @@ -1576,7 +1579,7 @@ do_gettext (const char *msgid, const char *msgid2, unsigned long nplural) { nstr--; if (nstr < domain->nstrings - && SWAPIT(domain->must_swap, + && SWAPIT(domain->must_swap, domain->orig_tab[nstr].length) >= len && !strcmp (msgid, (domain->data + SWAPIT(domain->must_swap, @@ -1599,7 +1602,7 @@ do_gettext (const char *msgid, const char *msgid2, unsigned long nplural) while (bottom < top) { int cmp_val; - + nstr = (bottom + top) / 2; cmp_val = strcmp (msgid, (domain->data + SWAPIT(domain->must_swap, @@ -1671,10 +1674,10 @@ gettext_select_utf8 (int value) int main (int argc, char **argv) { - const char atext1[] = + const char atext1[] = "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should be at least %u character long."; - const char atext2[] = + const char atext2[] = "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should be at least %u characters long."; @@ -1683,7 +1686,7 @@ main (int argc, char **argv) argc--; argv++; } - + bindtextdomain ("gnupg2", "c:/programme/gnu/gnupg/share/locale"); printf ("locale is `%s'\n", gettext_localename ()); diff --git a/jnlib/w32-reg.c b/jnlib/w32-reg.c index e6bd911..a6e2395 100644 --- a/jnlib/w32-reg.c +++ b/jnlib/w32-reg.c @@ -25,6 +25,9 @@ #include #include #include +#ifdef HAVE_WINSOCK2_H +# include +#endif #include #include "libjnlib-config.h" @@ -34,7 +37,7 @@ static HKEY get_root_key(const char *root) { HKEY root_key; - + if (!root) root_key = HKEY_CURRENT_USER; else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) ) @@ -51,7 +54,7 @@ get_root_key(const char *root) root_key = HKEY_CURRENT_CONFIG; else return NULL; - + return root_key; } @@ -65,10 +68,10 @@ read_w32_registry_string (const char *root, const char *dir, const char *name) HKEY root_key, key_handle; DWORD n1, nbytes, type; char *result = NULL; - + if ( !(root_key = get_root_key(root) ) ) return NULL; - + if ( RegOpenKeyEx( root_key, dir, 0, KEY_READ, &key_handle ) ) { if (root) @@ -94,7 +97,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name) if (type == REG_EXPAND_SZ && strchr (result, '%')) { char *tmp; - + n1 += 1000; tmp = jnlib_malloc (n1+1); if (!tmp) @@ -111,7 +114,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name) if (nbytes && nbytes > n1) { /* Oops - truncated, better don't expand at all. */ - jnlib_free (tmp); + jnlib_free (tmp); goto leave; } tmp[nbytes] = 0; @@ -126,14 +129,14 @@ read_w32_registry_string (const char *root, const char *dir, const char *name) result = jnlib_malloc (strlen (tmp)+1); if (!result) result = tmp; - else + else { strcpy (result, tmp); jnlib_free (tmp); } } - else - { + else + { /* Error - don't expand. */ jnlib_free (tmp); } @@ -146,22 +149,22 @@ read_w32_registry_string (const char *root, const char *dir, const char *name) int -write_w32_registry_string (const char *root, const char *dir, +write_w32_registry_string (const char *root, const char *dir, const char *name, const char *value) { HKEY root_key, reg_key; - + if ( !(root_key = get_root_key(root) ) ) return -1; - - if ( RegOpenKeyEx( root_key, dir, 0, KEY_WRITE, ®_key ) + + if ( RegOpenKeyEx( root_key, dir, 0, KEY_WRITE, ®_key ) != ERROR_SUCCESS ) return -1; - - if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value, + + if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value, strlen( value ) ) != ERROR_SUCCESS ) { - if ( RegCreateKey( root_key, name, ®_key ) != ERROR_SUCCESS ) + if ( RegCreateKey( root_key, name, ®_key ) != ERROR_SUCCESS ) { RegCloseKey(reg_key); return -1; @@ -173,9 +176,9 @@ write_w32_registry_string (const char *root, const char *dir, return -1; } } - + RegCloseKey (reg_key); - + return 0; } diff --git a/keyserver/gpgkeys_finger.c b/keyserver/gpgkeys_finger.c index 721cb9a..a599e4d 100644 --- a/keyserver/gpgkeys_finger.c +++ b/keyserver/gpgkeys_finger.c @@ -28,7 +28,10 @@ #endif #ifdef HAVE_W32_SYSTEM -#include +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include #else #include #include @@ -79,9 +82,9 @@ connect_server (const char *server, unsigned short port) /* Win32 gethostbyname doesn't handle IP addresses internally, so we try inet_addr first on that platform only. */ - if ((l = inet_addr (server)) != INADDR_NONE) + if ((l = inet_addr (server)) != INADDR_NONE) memcpy (&addr.sin_addr, &l, sizeof l); - else if ((hp = gethostbyname (server))) + else if ((hp = gethostbyname (server))) { if (hp->h_addrtype != AF_INET) { @@ -107,14 +110,14 @@ connect_server (const char *server, unsigned short port) sock = socket (AF_INET, SOCK_STREAM, 0); if (sock == INVALID_SOCKET) { - fprintf (console, "gpgkeys: error creating socket: ec=%d\n", + fprintf (console, "gpgkeys: error creating socket: ec=%d\n", (int)WSAGetLastError ()); return -1; } if (connect (sock, (struct sockaddr *)&addr, sizeof addr)) { - fprintf (console, "gpgkeys: error connecting `%s': ec=%d\n", + fprintf (console, "gpgkeys: error connecting `%s': ec=%d\n", server, (int)WSAGetLastError ()); sock_close (sock); return -1; @@ -134,26 +137,26 @@ connect_server (const char *server, unsigned short port) server, strerror (errno)); return -1; } - + addr.sin_addr = *(struct in_addr*)host->h_addr; sock = socket (AF_INET, SOCK_STREAM, 0); if (sock == -1) { - fprintf (console, "gpgkeys: error creating socket: %s\n", + fprintf (console, "gpgkeys: error creating socket: %s\n", strerror (errno)); return -1; } - + if (connect (sock, (struct sockaddr *)&addr, sizeof addr) == -1) { - fprintf (console, "gpgkeys: error connecting `%s': %s\n", + fprintf (console, "gpgkeys: error connecting `%s': %s\n", server, strerror (errno)); close (sock); return -1; } #endif - + return sock; } @@ -163,11 +166,11 @@ write_server (int sock, const char *data, size_t length) int nleft; nleft = length; - while (nleft > 0) + while (nleft > 0) { int nwritten; - -#ifdef HAVE_W32_SYSTEM + +#ifdef HAVE_W32_SYSTEM nwritten = send (sock, data, nleft, 0); if ( nwritten == SOCKET_ERROR ) { @@ -184,7 +187,7 @@ write_server (int sock, const char *data, size_t length) if (errno == EAGAIN) { struct timeval tv; - + tv.tv_sec = 0; tv.tv_usec = 50000; select(0, NULL, NULL, NULL, &tv); @@ -197,7 +200,7 @@ write_server (int sock, const char *data, size_t length) nleft -=nwritten; data += nwritten; } - + return 0; } @@ -227,7 +230,7 @@ send_request (const char *request, int *r_sock) return KEYSERVER_GENERAL_ERROR; } *server++ = 0; - + sock = connect_server (server, 79); if (sock == -1) { @@ -272,7 +275,7 @@ get_key (char *getkey) sock_close (sock); return KEYSERVER_OK; } - + /* Hmmm, we use iobuf here only to cope with Windows socket peculiarities (we can't used fdopen). */ fp_read = iobuf_sockopen (sock , "r"); @@ -286,7 +289,7 @@ get_key (char *getkey) while ( iobuf_read_line ( fp_read, &line, &buflen, &maxlen)) { maxlen=1024; - + if(gotit) { print_nocr(output, (const char*)line); @@ -299,7 +302,7 @@ get_key (char *getkey) gotit=1; } } - + if(gotit) fprintf (output,"KEY 0x%s END\n", getkey); else @@ -316,7 +319,7 @@ get_key (char *getkey) } -static void +static void show_help (FILE *fp) { fprintf (fp,"-h, --help\thelp\n"); diff --git a/keyserver/ksutil.c b/keyserver/ksutil.c index cc46b92..7231d0a 100644 --- a/keyserver/ksutil.c +++ b/keyserver/ksutil.c @@ -36,7 +36,10 @@ #include #ifdef HAVE_W32_SYSTEM -#include +# ifdef HAVE_WINSOCK2_H +# include +# endif +# include #endif #ifdef HAVE_LIBCURL @@ -78,7 +81,7 @@ register_timeout(void) sigemptyset(&act.sa_mask); act.sa_flags=0; return sigaction(SIGALRM,&act,NULL); -#else +#else if(signal(SIGALRM,catch_alarm)==SIG_ERR) return -1; else @@ -597,7 +600,7 @@ ks_hextobyte (const char *s) /* Non localized version of toupper. */ -int +int ks_toupper (int c) { if (c >= 'a' && c <= 'z') diff --git a/scd/apdu.c b/scd/apdu.c index 4f40a69..372932a 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -82,7 +82,7 @@ #endif #if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__) -typedef unsinged int pcsc_dword_t; +typedef unsigned int pcsc_dword_t; #else typedef unsigned long pcsc_dword_t; #endif commit a557a74615774b228dae14cf83a92ec26e2b03b5 Author: Werner Koch Date: Tue Apr 23 17:04:56 2013 +0200 Allow building gpgkeys_ldap with the 32 bit mingw-w64 toolchain. * keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro depending on compiler version. (main): Use new macro. -- It seems that the LDAP keyserver helper if build with the old mingw32 toolchain never worked correctly for LDAPS. The prototype there for ldap_start_tls_s is plainly wrong for Windows. However, the fix here has special support so not to break building with the old compiler. diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index bd85234..9f99b28 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -61,6 +61,21 @@ #include "util.h" #endif + +#if HAVE_W32_SYSTEM +# if !defined(__MINGW64_VERSION_MAJOR) || !defined(__MINGW32_MAJOR_VERSION) + /* This is mingw32 with bogus ldap definitions; i.e. Unix style + LDAP definitions. */ +# define my_ldap_start_tls_s(a,b,c) ldap_start_tls_sA ((a),(b),(c)) +# else + /* Standard Microsoft or mingw64. */ +# define my_ldap_start_tls_s(a,b,c) ldap_start_tls_sA ((a),NULL,NULL,(b),(c)) +# endif +#else /*!W32*/ +# define my_ldap_start_tls_s(a,b,c) ldap_start_tls_s ((a),(b),(c)) +#endif /*!W32*/ + + extern char *optarg; extern int optind; @@ -2189,7 +2204,7 @@ main(int argc,char *argv[]) #endif if(err==LDAP_SUCCESS) - err=ldap_start_tls_s(ldap,NULL,NULL); + err = my_ldap_start_tls_s (ldap, NULL, NULL); if(err!=LDAP_SUCCESS) { ----------------------------------------------------------------------- Summary of changes: agent/preset-passphrase.c | 23 +++--- agent/protect.c | 161 +++++++++++++++++++------------------ autogen.sh | 2 +- common/estream.c | 3 + common/homedir.c | 39 +++++---- common/http.c | 3 + common/init.c | 7 +- common/iobuf.c | 69 ++++++++-------- common/sysutils.c | 27 ++++--- common/ttyio.c | 43 +++++----- g10/exec.c | 21 +++-- g10/gpg.c | 193 ++++++++++++++++++++++---------------------- g10/misc.c | 3 + g10/photoid.c | 7 +- jnlib/stringhelp.c | 75 +++++++++-------- jnlib/w32-gettext.c | 47 ++++++----- jnlib/w32-reg.c | 39 +++++---- keyserver/gpgkeys_finger.c | 43 +++++----- keyserver/gpgkeys_ldap.c | 17 ++++- keyserver/ksutil.c | 9 ++- scd/apdu.c | 2 +- 21 files changed, 452 insertions(+), 381 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 23 18:55:09 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 23 Apr 2013 18:55:09 +0200 Subject: [git] W32PTH - branch, master, updated. w32pth-2.0.4-9-g24c11aa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Pth Emulation for W32". The branch, master has been updated via 24c11aa203fe0c7bdbc0d851e8da60ddadef193e (commit) via 0c2ede66f8404a3c99a7e46cebb166efddaffffd (commit) from 980ba956de34ca7742c5e56fda482de65403284e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24c11aa203fe0c7bdbc0d851e8da60ddadef193e Author: Werner Koch Date: Tue Apr 23 18:34:32 2013 +0200 Release 2.0.5. diff --git a/NEWS b/NEWS index 9e04560..c4a6516 100644 --- a/NEWS +++ b/NEWS @@ -1,16 +1,18 @@ -Noteworthy changes in version 2.0.5 +Noteworthy changes in version 2.0.5 (2013-04-23) ------------------------------------------------ * Fix regression in W32 timer handling introduced by 2.0.3. + * Switch to i686-w64-mingw32 as default toolchain. -Noteworthy changes in version 2.0.4 (2010-08-02) + +Noteworthy changes in version 2.0.4 (2010-08-02) ------------------------------------------------ * Bug fix: Export pth_enter and pth_leave. -Noteworthy changes in version 2.0.3 (2010-07-30) +Noteworthy changes in version 2.0.3 (2010-07-30) ------------------------------------------------ * Support WindowsCE. @@ -41,10 +43,10 @@ Noteworthy changes in version 2.0.1 (2007-08-16) * Fixes. Better support for select. - + Noteworthy changes in version 2.0.0 (2007-07-05) ------------------------------------------------ - + * First release. We need to use this unusually high version number to indicate the version of Pth we are emulating. diff --git a/configure.ac b/configure.ac index 055956a..ae2c9e8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,18 +1,18 @@ # configure.ac - for w32pth # Copyright (C) 2007, 2008 g10 Code GmbH -# +# # This file is part of W32PTH -# +# # W32PTH is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # W32PTH is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA @@ -26,7 +26,7 @@ min_automake_version="1.10" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [2.0.4]) +m4_define([my_version], [2.0.5]) m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ @@ -45,7 +45,7 @@ AC_INIT([w32pth], # Please remember to document interface changes in the NEWS file. W32PTH_LT_CURRENT=2 W32PTH_LT_AGE=2 -W32PTH_LT_REVISION=1 +W32PTH_LT_REVISION=2 #------------------- # If the API is changed in an incompatible way: increment the next counter. W32PTH_CONFIG_API_VERSION=1 @@ -211,7 +211,7 @@ AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) # Generate extended version information for W32. if test "$have_w32_system" = yes; then BUILD_TIMESTAMP=`date --iso-8601=minutes` - changequote(,)dnl + changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/$[0-9.]*$.*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION}" @@ -219,7 +219,7 @@ fi AC_SUBST(BUILD_REVISION) AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) -AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", +AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [Subversion revision used to build this package]) @@ -233,7 +233,7 @@ AC_OUTPUT echo " W32PTH v${VERSION} has been configured as follows: - + Platform: $host " commit 0c2ede66f8404a3c99a7e46cebb166efddaffffd Author: Werner Koch Date: Tue Apr 23 18:31:54 2013 +0200 Allow building with newer mingw versions. * autogen.sh : Try to use i686-w64-mingw32 first. : Allow VPATH build. * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Use i686-w64-mingw32. * pth.h: Include winsock2.h instead of windows.h. Also define sigset_t if needed. * w32-pth.c: Include winsock.h before windows.h. diff --git a/Makefile.am b/Makefile.am index 64b8791..d3ec49d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -22,7 +22,7 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = no-dist-gzip dist-bzip2 -DISTCHECK_CONFIGURE_FLAGS = --host=i586-mingw32msvc +DISTCHECK_CONFIGURE_FLAGS = --host=i686-w64-mingw32 EXTRA_DIST = autogen.sh pth-config.in libw32pth.def diff --git a/autogen.sh b/autogen.sh index 92b0ab1..ddaa907 100755 --- a/autogen.sh +++ b/autogen.sh @@ -95,12 +95,12 @@ if [ "$myhost" = "w32" ]; then ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" - toolprefixes="i586-mingw32msvc i386-mingw32msvc" + toolprefixes="i686-w64-mingw32 i586-mingw32msvc i386-mingw32msvc" extra_options="" ;; esac echo "Using $w32root as standard install directory" >&2 - + crossbindir= for host in $toolprefixes; do if ${host}-gcc --version >/dev/null 2>&1 ; then @@ -127,7 +127,7 @@ if [ "$myhost" = "w32" ]; then fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} ${extra_options} "$@" exit $? diff --git a/pth.h b/pth.h index 60f4559..b114c05 100644 --- a/pth.h +++ b/pth.h @@ -30,14 +30,23 @@ #error w32pth conflict. A vanilla pth.h has already been included. #endif +#include /* Newer mingw version require this to be + included before windows.h. */ + +/* #include /\* We need this for sockaddr et al. FIXME: too */ +/* heavyweight - may be we should factor such */ +/* code out to a second header and adjust all */ +/* user files to include it only if required. *\/ */ + +/* Mingw64 defines sigset_t only of _POSIX is defined. We don't want + to do define this macro because we are a public header. Thus we + use a bit of mingw64 internal knowledge to declare sigset_t. */ +#include +#if __MINGW64_VERSION_MAJOR >= 2 && !defined(_POSIX) +typedef _sigset_t sigset_t; +#endif /* mingw64 >= 2 */ -#include /* We need this for sockaddr et al. FIXME: too - heavyweight - may be we should factor such - code out to a second header and adjust all - user files to include it only if required. */ -#include /* For sigset_t. */ - #ifndef W32_PTH_HANDLE_INTERNAL #define W32_PTH_HANDLE_INTERNAL int #endif diff --git a/w32-pth.c b/w32-pth.c index 34162e1..e0fcf59 100644 --- a/w32-pth.c +++ b/w32-pth.c @@ -26,6 +26,7 @@ #include +#include #include #include #include ----------------------------------------------------------------------- Summary of changes: Makefile.am | 2 +- NEWS | 12 +++++++----- autogen.sh | 6 +++--- configure.ac | 18 +++++++++--------- pth.h | 19 ++++++++++++++----- w32-pth.c | 1 + 6 files changed, 35 insertions(+), 23 deletions(-) hooks/post-receive -- Pth Emulation for W32 http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 24 01:57:01 2013 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 24 Apr 2013 01:57:01 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-111-g145d672 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 145d672fbf6d528f57cc3987238e380a9acbbd20 (commit) from 40ca0022a7035ce5c3d715f36e0c70f310ea4c61 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 145d672fbf6d528f57cc3987238e380a9acbbd20 Author: NIIBE Yutaka Date: Wed Apr 24 08:36:31 2013 +0900 scd: Add pinpad support for REINER SCT cyberJack go * scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New. (ccid_transceive_secure): Handle the case for VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change). -- This is revised version which adapts changes of ccid-driver. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index c3a66fa..42a219f 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -212,9 +212,10 @@ enum { VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, VENDOR_VEGA = 0x0982, + VENDOR_REINER = 0x0c4b, VENDOR_KAAN = 0x0d46, + VENDOR_VASCO = 0x1a44, VENDOR_FSIJ = 0x234b, - VENDOR_VASCO = 0x1a44 }; /* Some product ids. */ @@ -227,6 +228,7 @@ enum { #define VASCO_920 0x0920 #define GEMPC_PINPAD 0x3478 #define VEGA_ALPHA 0x0008 +#define CYBERJACK_GO 0x0504 /* A list and a table with special transport descriptions. */ enum { @@ -3376,6 +3378,7 @@ ccid_transceive_secure (ccid_driver_t handle, pininfo->maxlen = 25; enable_varlen = 1; break; + case VENDOR_REINER: /* Tested with cyberJack go */ case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ enable_varlen = 1; break; ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 24 13:21:58 2013 From: cvs at cvs.gnupg.org (by Jedi) Date: Wed, 24 Apr 2013 13:21:58 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-118-g7986eb4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 7986eb454ee3eb627fc3c168be2f2ec25ea97e8d (commit) via e94aee4b77810c58834589b70507e19e341c3c0f (commit) from bfbd0cb9fffefdb1f7d648d85a4c857e0885aa0e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7986eb454ee3eb627fc3c168be2f2ec25ea97e8d Author: Jedi Date: Wed Apr 24 13:02:38 2013 +0200 Point to copies in the master branch for some doc file. -- diff --git a/AUTHORS b/AUTHORS index aff8abb..92f44cb 100644 --- a/AUTHORS +++ b/AUTHORS @@ -6,8 +6,8 @@ Security related bug reports: License: GPLv3+ -Authors -======= +Authors with a FSF copyright assignment +======================================= Ales Nyakhaychyk Translations [be] @@ -125,11 +125,19 @@ Yosiaki IIDA Translations [ja] Yuri Chornoivan, yurchor at ukr dot net: Translations [uk] +Authors with a DCO +================== + +The list of authors who signed the Developer's Certificate of Origin +is kept in the GIT master branch's copy of this file. + + Other authors ============= -The need for copyright disclaimers for translations has been waived in -December 2012. +The need for copyright assignments to the FSF has been waived on +2013-03-29; the need for copyright disclaimers for translations +already in December 2012. The files common/libestream.[ch] are maintained as a separate project by g10 Code GmbH. These files, as used here, are considered part of diff --git a/doc/HACKING b/doc/HACKING index e27bc07..e1b83b7 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -2,6 +2,11 @@ ================================ (Some notes on GNUPG internals.) + ************************************************************ + *** Please see the file HACKING in the GIT master branch *** + *** for up-to-date information. *** + ************************************************************ + * No more ChangeLog files @@ -26,6 +31,7 @@ ChangeLog lines, each with its leading TAB, will not exceed 80 columns. + ===> What follows is probably out of date <=== commit e94aee4b77810c58834589b70507e19e341c3c0f Author: Jedi Date: Wed Apr 24 12:50:28 2013 +0200 Update helper scripts. * compile, config.guess, config.rpath, config.sub, depcomp, * install-sh, mdate-sh, mkinstalldirs: Update to Feb 25 versions from gnulib. diff --git a/scripts/compile b/scripts/compile index c985324..531136b 100755 --- a/scripts/compile +++ b/scripts/compile @@ -1,14 +1,14 @@ #! /bin/sh -# Wrapper for compilers which do not understand `-c -o'. +# Wrapper for compilers which do not understand '-c -o'. -scriptversion=2005-05-14.22 +scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3, or (at your option) +# the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, @@ -17,8 +17,8 @@ scriptversion=2005-05-14.22 # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# +# along with this program. If not, see . + # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under @@ -28,21 +28,224 @@ scriptversion=2005-05-14.22 # bugs to or send patches to # . +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"$.*$ " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + case $1 in '') - echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: compile [--help] [--version] PROGRAM [ARGS] -Wrapper for compilers which do not understand `-c -o'. -Remove `-o dest.o' from ARGS, run PROGRAM with the remaining +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining arguments, and rename the output as expected. If you are trying to build a whole package this is not the -right script to run: please start by reading the file `INSTALL'. +right script to run: please start by reading the file 'INSTALL'. Report bugs to . EOF @@ -52,11 +255,13 @@ EOF echo "compile $scriptversion" exit $? ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; esac ofile= cfile= -eat= for arg do @@ -65,8 +270,8 @@ do else case $1 in -o) - # configure might choose to run compile as `compile cc -o foo foo.c'. - # So we strip `-o arg' only if arg is an object. + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. eat=1 case $2 in *.o | *.obj) @@ -93,22 +298,22 @@ do done if test -z "$ofile" || test -z "$cfile"; then - # If no `-o' option was seen then we might have been invoked from a + # If no '-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no - # `.c' file was seen then we are probably linking. That is also + # '.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi # Name of file we expect compiler to create. -cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'` +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. -# Note: use `[/.-]' here to ensure that we don't use the same name +# Note: use '[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. -lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break @@ -123,9 +328,9 @@ trap "rmdir '$lockdir'; exit 1" 1 2 15 ret=$? if test -f "$cofile"; then - mv "$cofile" "$ofile" + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then - mv "${cofile}bj" "$ofile" + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" @@ -137,5 +342,6 @@ exit $ret # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/scripts/config.guess b/scripts/config.guess index d622a44..f475ceb 100755 --- a/scripts/config.guess +++ b/scripts/config.guess @@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2013-02-12' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,19 +20,17 @@ timestamp='2012-02-10' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches at gnu.org. + me=`echo "$0" | sed -e 's,.*/,,'` @@ -54,9 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -200,6 +194,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} @@ -302,7 +300,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) @@ -801,6 +799,9 @@ EOF i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; @@ -952,6 +953,9 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; + or1k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; or32:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; @@ -1201,6 +1205,9 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1256,7 +1263,7 @@ EOF NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) @@ -1330,9 +1337,6 @@ EOF exit ;; esac -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - eval $set_cc_for_build cat >$dummy.c <, 1996 # @@ -25,7 +25,7 @@ # known workaround is to choose shorter directory names for the build # directory and/or the installation directory. -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a shrext=.so @@ -47,7 +47,7 @@ for cc_temp in $CC""; do done cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` -# Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC. +# Code taken from libtool.m4's _LT_COMPILER_PIC. wl= if test "$GCC" = yes; then @@ -57,14 +57,7 @@ else aix*) wl='-Wl,' ;; - darwin*) - case $cc_basename in - xlc*) - wl='-Wl,' - ;; - esac - ;; - mingw* | cygwin* | pw32* | os2*) + mingw* | cygwin* | pw32* | os2* | cegcc*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' @@ -72,24 +65,37 @@ else irix5* | irix6* | nonstopux*) wl='-Wl,' ;; - newsos6) - ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in - icc* | ecc*) + ecc*) wl='-Wl,' ;; - pgcc | pgf77 | pgf90) + icc* | ifort*) + wl='-Wl,' + ;; + lf95*) + wl='-Wl,' + ;; + nagfor*) + wl='-Wl,-Wl,,' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) wl='-Wl,' ;; ccc*) wl='-Wl,' ;; + xl* | bgxl* | bgf* | mpixl*) + wl='-Wl,' + ;; como) wl='-lopt=' ;; *) case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + wl= + ;; *Sun\ C*) wl='-Wl,' ;; @@ -97,13 +103,24 @@ else ;; esac ;; + newsos6) + ;; + *nto* | *qnx*) + ;; osf3* | osf4* | osf5*) wl='-Wl,' ;; rdos*) ;; solaris*) - wl='-Wl,' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + wl='-Qoption ld ' + ;; + *) + wl='-Wl,' + ;; + esac ;; sunos4*) wl='-Qoption ld ' @@ -124,7 +141,7 @@ else esac fi -# Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS. +# Code taken from libtool.m4's _LT_LINKER_SHLIBS. hardcode_libdir_flag_spec= hardcode_libdir_separator= @@ -132,7 +149,7 @@ hardcode_direct=no hardcode_minus_L=no case "$host_os" in - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. @@ -158,22 +175,21 @@ if test "$with_gnu_ld" = yes; then # option of GNU ld is called -rpath, not --rpath. hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' case "$host_os" in - aix3* | aix4* | aix5*) + aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no fi ;; amigaos*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we cannot use - # them. - ld_shlibs=no + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then @@ -182,7 +198,7 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' @@ -192,11 +208,13 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; + haiku*) + ;; interix[3-9]*) hardcode_direct=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; - gnu* | linux* | k*bsd*-gnu) + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else @@ -254,7 +272,7 @@ else hardcode_direct=unsupported fi ;; - aix4* | aix5*) + aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. @@ -264,7 +282,7 @@ else # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes @@ -319,14 +337,18 @@ else fi ;; amigaos*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - # see comment about different semantics on the GNU ld section - ld_shlibs=no + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; bsdi[45]*) ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is @@ -336,24 +358,15 @@ else ;; darwin* | rhapsody*) hardcode_direct=no - if test "$GCC" = yes ; then + if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then : else - case $cc_basename in - xlc*) - ;; - *) - ld_shlibs=no - ;; - esac + ld_shlibs=no fi ;; dgux*) hardcode_libdir_flag_spec='-L$libdir' ;; - freebsd1*) - ld_shlibs=no - ;; freebsd2.2*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes @@ -414,6 +427,8 @@ else hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; + *nto* | *qnx*) + ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes @@ -494,7 +509,7 @@ else fi # Check dynamic linker characteristics -# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. +# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. # Unlike libtool.m4, here we don't care about _all_ names of the library, but # only about the one the linker finds when passed -lNAME. This is the last # element of library_names_spec in libtool.m4, or possibly two of them if the @@ -505,11 +520,16 @@ case "$host_os" in aix3*) library_names_spec='$libname.a' ;; - aix4* | aix5*) + aix[4-9]*) library_names_spec='$libname$shrext' ;; amigaos*) - library_names_spec='$libname.a' + case "$host_cpu" in + powerpc*) + library_names_spec='$libname$shrext' ;; + m68k) + library_names_spec='$libname.a' ;; + esac ;; beos*) library_names_spec='$libname$shrext' @@ -517,7 +537,7 @@ case "$host_os" in bsdi[45]*) library_names_spec='$libname$shrext' ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) shrext=.dll library_names_spec='$libname.dll.a $libname.lib' ;; @@ -528,8 +548,6 @@ case "$host_os" in dgux*) library_names_spec='$libname$shrext' ;; - freebsd1*) - ;; freebsd* | dragonfly*) case "$host_os" in freebsd[123]*) @@ -541,6 +559,9 @@ case "$host_os" in gnu*) library_names_spec='$libname$shrext' ;; + haiku*) + library_names_spec='$libname$shrext' + ;; hpux9* | hpux10* | hpux11*) case $host_cpu in ia64*) @@ -576,7 +597,7 @@ case "$host_os" in ;; linux*oldld* | linux*aout* | linux*coff*) ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) library_names_spec='$libname$shrext' ;; knetbsd*-gnu) @@ -588,7 +609,7 @@ case "$host_os" in newsos6) library_names_spec='$libname$shrext' ;; - nto-qnx*) + *nto* | *qnx*) library_names_spec='$libname$shrext' ;; openbsd*) @@ -619,6 +640,9 @@ case "$host_os" in sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) library_names_spec='$libname$shrext' ;; + tpf*) + library_names_spec='$libname$shrext' + ;; uts4*) library_names_spec='$libname$shrext' ;; diff --git a/scripts/config.sub b/scripts/config.sub index c894da4..872199a 100755 --- a/scripts/config.sub +++ b/scripts/config.sub @@ -1,24 +1,18 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2013-02-12' -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -26,11 +20,12 @@ timestamp='2012-02-10' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches with a ChangeLog entry to config-patches at gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +116,7 @@ esac maybe_os=`echo $1 | sed 's/^$.*$-$[^-]*-[^-]*$$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) @@ -156,7 +149,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -225,6 +218,12 @@ case $os in -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; -lynx*) os=-lynxos ;; @@ -253,8 +252,10 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ @@ -267,7 +268,7 @@ case $basic_machine in | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -285,16 +286,17 @@ case $basic_machine in | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ - | or32 \ + | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ @@ -383,7 +385,8 @@ case $basic_machine in | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -401,12 +404,13 @@ case $basic_machine in | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ @@ -782,9 +786,13 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -1013,7 +1021,11 @@ case $basic_machine in basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1340,21 +1352,21 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1486,9 +1498,6 @@ case $os in -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1537,6 +1546,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + hexagon-*) + os=-elf + ;; tic54x-*) os=-coff ;; @@ -1577,6 +1589,9 @@ case $basic_machine in mips*-*) os=-elf ;; + or1k-*) + os=-elf + ;; or32-*) os=-coff ;; diff --git a/scripts/depcomp b/scripts/depcomp index e1c6e34..91d4bf8 100755 --- a/scripts/depcomp +++ b/scripts/depcomp @@ -1,14 +1,13 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2006-10-15.18 +scriptversion=2012-10-18.11; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software -# Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3, or (at your option) +# the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, @@ -17,7 +16,7 @@ scriptversion=2006-10-15.18 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -28,9 +27,9 @@ scriptversion=2006-10-15.18 case $1 in '') - echo "$0: No command. Try \`$0 --help' for more information." 1>&2 - exit 1; - ;; + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] @@ -40,11 +39,11 @@ as side-effects. Environment variables: depmode Dependency tracking mode. - source Source file read by `PROGRAMS ARGS'. - object Object file output by `PROGRAMS ARGS'. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. - tmpdepfile Temporary file to use when outputing dependencies. + tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . @@ -57,6 +56,66 @@ EOF ;; esac +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 @@ -69,6 +128,9 @@ tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.$[^.]*$$/.T\1/'`} rm -f "$tmpdepfile" +# Avoid interferences from the environment. +gccflag= dashmflag= + # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case @@ -80,9 +142,32 @@ if test "$depmode" = hp; then fi if test "$depmode" = dashXmstdout; then - # This is just like dashmstdout with a different argument. - dashmflag=-xM - depmode=dashmstdout + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc fi case "$depmode" in @@ -105,8 +190,7 @@ gcc3) done "$@" stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi @@ -114,13 +198,17 @@ gcc3) ;; gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like -## -MM, not -M (despite what the docs say). +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then @@ -128,31 +216,31 @@ gcc) fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" - alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -## The second -e expression handles DOS-style file names with drive letters. + # The second -e expression handles DOS-style file names with drive + # letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the `deleted header file' problem. +## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. - tr ' ' ' -' < "$tmpdepfile" | -## Some versions of gcc put a space before the `:'. On the theory +## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as -## well. +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -163,115 +251,136 @@ hp) exit 1 ;; -sgi) - if test "$libtool" = yes; then - "$@" "-Wp,-MDupdate,$tmpdepfile" - else - "$@" -MDupdate "$tmpdepfile" - fi - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - - if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files - echo "$object : \\" > "$depfile" - - # Clip off the initial element (the dependent). Don't try to be - # clever and replace this with sed code, as IRIX sed won't handle - # lines with more than a fixed number of characters (4096 in - # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like `#:fec' to the end of the - # dependency line. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ - tr ' -' ' ' >> $depfile - echo >> $depfile - - # The second pass generates a dummy entry for each header file. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> $depfile - else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the - # current directory. Also, the AIX compiler puts `$object:' at the + # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. - stripped=`echo "$object" | sed 's/$.*$\..*$/\1/'` - tmpdepfile="$stripped.u" + set_dir_from "$object" + set_base_from "$object" if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u "$@" -M fi stat=$? - - if test -f "$tmpdepfile"; then : - else - stripped=`echo "$stripped" | sed 's,^.*/,,'` - tmpdepfile="$stripped.u" + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat fi - if test $stat -eq 0; then : - else + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi - - if test -f "$tmpdepfile"; then - outname="$stripped.o" - # Each line is of the form `foo.o: dependent.h'. - # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. - sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" - sed -e "s,^$outname: $.*$$,\1:," < "$tmpdepfile" >> "$depfile" - else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" - fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *$.*$ *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" rm -f "$tmpdepfile" ;; -icc) - # Intel's C compiler understands `-MD -MF file'. However on - # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c - # ICC 7.0 will fill foo.d with something like - # foo.o: sub/foo.c - # foo.o: sub/foo.h - # which is wrong. We want: - # sub/foo.o: sub/foo.c - # sub/foo.o: sub/foo.h - # sub/foo.c: - # sub/foo.h: - # ICC 7.1 will output +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output # foo.o: sub/foo.c sub/foo.h - # and will wrap long lines using \ : + # and will wrap long lines using '\' : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi - "$@" -MD -MF "$tmpdepfile" - stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi @@ -283,8 +392,8 @@ icc) sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. - sed 's,^[^:]*: $.*$$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | - sed -e 's/$/ :/' >> "$depfile" + sed 's,^[^:]*: $.*$$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -295,9 +404,8 @@ hp2) # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. - dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` - test "x$dir" = "x$object" && dir= - base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + set_dir_from "$object" + set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d @@ -308,8 +416,7 @@ hp2) "$@" +Maked fi stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi @@ -319,72 +426,106 @@ hp2) test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" - # Add `dependent.h:' lines. - sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" else - echo "#dummy" > "$depfile" + make_dummy_depfile fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) - # The Tru64 compiler uses -MD to generate dependencies as a side - # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. - # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in `foo.d' instead, so we check for that too. - # Subdirectories are respected. - dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` - test "x$dir" = "x$object" && dir= - base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` - - if test "$libtool" = yes; then - # With Tru64 cc, shared objects can also be used to make a - # static library. This mechanism is used in libtool 1.4 series to - # handle both shared and static libraries in a single compilation. - # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. - # - # With libtool 1.5 this exception was removed, and libtool now - # generates 2 separate objects for the 2 libraries. These two - # compilations output dependencies in $dir.libs/$base.o.d and - # in $dir$base.o.d. We have to check for both files, because - # one of the two compilations can be disabled. We should prefer - # $dir$base.o.d over $dir.libs/$base.o.d because the latter is - # automatically cleaned when .libs/ is deleted, while ignoring - # the former would cause a distcleancheck panic. - tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 - tmpdepfile2=$dir$base.o.d # libtool 1.5 - tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 - tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 - "$@" -Wc,-MD - else - tmpdepfile1=$dir$base.o.d - tmpdepfile2=$dir$base.d - tmpdepfile3=$dir$base.d - tmpdepfile4=$dir$base.d - "$@" -MD - fi - - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" - exit $stat - fi - - for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" - do - test -f "$tmpdepfile" && break - done - if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a tab and a space in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" - else - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" - ;; + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *$.*$/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/$.*$/'"$tab"'\1 \\/p +s/.$.*$ \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; #nosideeffect) # This comment above is used by automake to tell side-effect @@ -397,13 +538,13 @@ dashmstdout) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do @@ -423,18 +564,18 @@ dashmstdout) done test -z "$dashmflag" && dashmflag=-M - # Require at least two characters before searching for `:' + # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: - # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | - sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" - tr ' ' ' -' < "$tmpdepfile" | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -448,41 +589,51 @@ makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift - cleared=no - for arg in "$@"; do + cleared=no eat=no + for arg + do case $cleared in no) set ""; shift cleared=yes ;; esac + if test $eat = yes; then + eat=no + continue + fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done - obj_suffix="`echo $object | sed 's/^.*\././'`" + obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - sed '1,2d' "$tmpdepfile" | tr ' ' ' -' | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*$$object *:$|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; @@ -493,13 +644,13 @@ cpp) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do @@ -518,10 +669,10 @@ cpp) esac done - "$@" -E | - sed -n -e '/^# [0-9][0-9]* "$[^"]*$".*/ s:: \1 \\:p' \ - -e '/^#line [0-9][0-9]* "$[^"]*$".*/ s:: \1 \\:p' | - sed '$ s: \\$::' > "$tmpdepfile" + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "$[^"]*$".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "$[^"]*$".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" @@ -531,35 +682,56 @@ cpp) msvisualcpp) # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. + # always write the preprocessed file to stdout. "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + IFS=" " for arg do case "$arg" in + -o) + shift + ;; + $object) + shift + ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") - set fnord "$@" - shift - shift - ;; + set fnord "$@" + shift + shift + ;; *) - set fnord "$@" "$arg" - shift - shift - ;; + set fnord "$@" "$arg" + shift + shift + ;; esac done - "$@" -E | - sed -n '/^#line [0-9][0-9]* "$[^"]*$"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "$[^"]*$"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^$.*$$/ s:: \1 \\:p' >> "$depfile" - echo " " >> "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^$.*$$/ s::\1\::p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^$.*$$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^$.*$$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + none) exec "$@" ;; @@ -578,5 +750,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/scripts/install-sh b/scripts/install-sh index 4fbbae7..377bb86 100755 --- a/scripts/install-sh +++ b/scripts/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-10-14.15 +scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -35,7 +35,7 @@ scriptversion=2006-10-14.15 # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written @@ -48,7 +48,7 @@ IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" +doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else @@ -58,34 +58,49 @@ fi # Put in absolute file names if you don't have them in your path; # or use environment vars. -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' -posix_glob= posix_mkdir= # Desired mode of installed file. mode=0755 +chgrpcmd= chmodcmd=$chmodprog chowncmd= -chgrpcmd= -stripcmd= +mvcmd=$mvprog rmcmd="$rmprog -f" -mvcmd="$mvprog" +stripcmd= + src= dst= dir_arg= -dstarg= +dst_arg= + +copy_on_change=false no_target_directory= -usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... @@ -95,65 +110,59 @@ In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --c (ignored) --d create directories instead of installing files. --g GROUP $chgrpprog installed files to GROUP. --m MODE $chmodprog installed files to MODE. --o USER $chownprog installed files to USER. --s $stripprog installed files. --t DIRECTORY install into DIRECTORY. --T report an error if DSTFILE is a directory. ---help display this help and exit. ---version display version info and exit. + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG " while test $# -ne 0; do case $1 in - -c) shift - continue;; + -c) ;; - -d) dir_arg=true - shift - continue;; + -C) copy_on_change=true;; + + -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - shift - shift case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac - continue;; + shift;; -o) chowncmd="$chownprog $2" - shift - shift - continue;; + shift;; - -s) stripcmd=$stripprog - shift - continue;; + -s) stripcmd=$stripprog;; - -t) dstarg=$2 - shift - shift - continue;; + -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=!]) dst_arg=./$dst_arg;; + esac + shift;; - -T) no_target_directory=true - shift - continue;; + -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; @@ -165,21 +174,26 @@ while test $# -ne 0; do *) break;; esac + shift done -if test $# -ne 0 && test -z "$dir_arg$dstarg"; then +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do - if test -n "$dstarg"; then + if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dstarg" + set fnord "$@" "$dst_arg" shift # fnord fi shift # arg - dstarg=$arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=!]) dst_arg=./$dst_arg;; + esac done fi @@ -188,13 +202,17 @@ if test $# -eq 0; then echo "$0: no input file specified." >&2 exit 1 fi - # It's OK to call `install-sh -d' without argument. + # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then - trap '(exit $?); exit' 1 2 13 15 + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. @@ -222,9 +240,9 @@ fi for src do - # Protect names starting with `-'. + # Protect names problematic for 'test' and other utilities. case $src in - -*) src=./$src ;; + -* | [=!]) src=./$src;; esac if test -n "$dir_arg"; then @@ -242,22 +260,17 @@ do exit 1 fi - if test -z "$dstarg"; then + if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi - - dst=$dstarg - # Protect names starting with `-'. - case $dst in - -*) dst=./$dst ;; - esac + dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then - echo "$0: $dstarg: Is a directory" >&2 + echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst @@ -341,7 +354,7 @@ do if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writeable bit of parent directory when it shouldn't. + # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in @@ -378,33 +391,26 @@ do # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix=/ ;; - -*) prefix=./ ;; - *) prefix= ;; + /*) prefix='/';; + [-=!]*) prefix='./';; + *) prefix='';; esac - case $posix_glob in - '') - if (set -f) 2>/dev/null; then - posix_glob=true - else - posix_glob=false - fi ;; - esac + eval "$initialize_posix_glob" oIFS=$IFS IFS=/ - $posix_glob && set -f + $posix_glob set -f set fnord $dstdir shift - $posix_glob && set +f + $posix_glob set +f IFS=$oIFS prefixes= for d do - test -z "$d" && continue + test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then @@ -459,41 +465,54 @@ do # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # - { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ - && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ - && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ - && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && - - # Now rename the file to the real destination. - { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \ - || { - # The rename failed, perhaps because mv can't rename something else - # to itself, or perhaps because mv is so ancient that it does not - # support -f. - - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - if test -f "$dst"; then - $doit $rmcmd -f "$dst" 2>/dev/null \ - || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \ - && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\ - || { - echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - else - : - fi - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" - } - } || exit 1 + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 trap '' 0 fi @@ -503,5 +522,6 @@ done # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/scripts/mdate-sh b/scripts/mdate-sh index 9a6d216..b3719cf 100755 --- a/scripts/mdate-sh +++ b/scripts/mdate-sh @@ -1,10 +1,9 @@ #!/bin/sh # Get modification time of a file or directory and pretty-print it. -scriptversion=2005-06-29.22 +scriptversion=2010-08-21.06; # UTC -# Copyright (C) 1995, 1996, 1997, 2003, 2004, 2005 Free Software -# Foundation, Inc. +# Copyright (C) 1995-2013 Free Software Foundation, Inc. # written by Ulrich Drepper , June 1995 # # This program is free software; you can redistribute it and/or modify @@ -18,7 +17,8 @@ scriptversion=2005-06-29.22 # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program. If not, see . + # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under @@ -28,16 +28,26 @@ scriptversion=2005-06-29.22 # bugs to or send patches to # . +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +fi + case $1 in '') - echo "$0: No file. Try \`$0 --help' for more information." 1>&2 + echo "$0: No file. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: mdate-sh [--help] [--version] FILE -Pretty-print the modification time of FILE. +Pretty-print the modification day of FILE, in the format: +1 January 1970 Report bugs to . EOF @@ -49,6 +59,13 @@ EOF ;; esac +error () +{ + echo "$0: $1" >&2 + exit 1 +} + + # Prevent date giving response in another language. LANG=C export LANG @@ -58,7 +75,7 @@ LC_TIME=C export LC_TIME # GNU ls changes its time format in response to the TIME_STYLE -# variable. Since we cannot assume `unset' works, revert this +# variable. Since we cannot assume 'unset' works, revert this # variable to its documented default. if test "${TIME_STYLE+set}" = set; then TIME_STYLE=posix-long-iso @@ -73,27 +90,32 @@ if ls -L /dev/null 1>/dev/null 2>&1; then else ls_command='ls -l -d' fi +# Avoid user/group names that might have spaces, when possible. +if ls -n /dev/null 1>/dev/null 2>&1; then + ls_command="$ls_command -n" +fi -# A `ls -l' line looks as follows on OS/2. +# A 'ls -l' line looks as follows on OS/2. # drwxrwx--- 0 Aug 11 2001 foo # This differs from Unix, which adds ownership information. # drwxrwx--- 2 root root 4096 Aug 11 2001 foo # # To find the date, we split the line on spaces and iterate on words # until we find a month. This cannot work with files whose owner is a -# user named `Jan', or `Feb', etc. However, it's unlikely that `/' +# user named "Jan", or "Feb", etc. However, it's unlikely that '/' # will be owned by a user whose name is a month. So we first look at # the extended ls output of the root directory to decide how many # words should be skipped to get the date. # On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. -set x`ls -l -d /` +set x`$ls_command /` # Find which argument is the month. month= command= until test $month do + test $# -gt 0 || error "failed parsing '$ls_command /' output" shift # Add another shift to the command. command="$command shift;" @@ -113,8 +135,10 @@ do esac done +test -n "$month" || error "failed parsing '$ls_command /' output" + # Get the extended ls output of the file or directory. -set dummy x`eval "$ls_command \"\$save_arg1\""` +set dummy x`eval "$ls_command \"\\\$save_arg1\""` # Remove all preceding arguments eval $command @@ -195,5 +219,6 @@ echo $day $month $year # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/scripts/mkinstalldirs b/scripts/mkinstalldirs index ef7e16f..55d537f 100755 --- a/scripts/mkinstalldirs +++ b/scripts/mkinstalldirs @@ -1,7 +1,7 @@ #! /bin/sh # mkinstalldirs --- make directory hierarchy -scriptversion=2006-05-11.19 +scriptversion=2009-04-28.21; # UTC # Original author: Noah Friedman # Created: 1993-05-16 @@ -81,9 +81,9 @@ case $dirmode in echo "mkdir -p -- $*" exec mkdir -p -- "$@" else - # On NextStep and OpenStep, the `mkdir' command does not + # On NextStep and OpenStep, the 'mkdir' command does not # recognize any option. It will interpret all options as - # directories to create, and then abort because `.' already + # directories to create, and then abort because '.' already # exists. test -d ./-p && rmdir ./-p test -d ./--version && rmdir ./--version @@ -157,5 +157,6 @@ exit $errstatus # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 16 +- doc/HACKING | 6 + scripts/compile | 248 ++++++++++++++++++-- scripts/config.guess | 48 ++-- scripts/config.rpath | 138 +++++++----- scripts/config.sub | 93 +++++--- scripts/depcomp | 611 +++++++++++++++++++++++++++++++------------------ scripts/install-sh | 258 +++++++++++---------- scripts/mdate-sh | 49 +++- scripts/mkinstalldirs | 9 +- 10 files changed, 979 insertions(+), 497 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 24 16:26:43 2013 From: cvs at cvs.gnupg.org (by Jedi) Date: Wed, 24 Apr 2013 16:26:43 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-119-g6ac7a80 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 6ac7a80c48739db0032bba2f624c1b5050bfaaab (commit) from 7986eb454ee3eb627fc3c168be2f2ec25ea97e8d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ac7a80c48739db0032bba2f624c1b5050bfaaab Author: Jedi Date: Wed Apr 24 16:07:53 2013 +0200 Update Traditional Chinese translation. -- Kudos to Jedi for this really fast update (wk). diff --git a/po/zh_TW.po b/po/zh_TW.po index 89a9eb1..5ffea7a 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -1,7 +1,7 @@ # Traditional Chinese(zh-tw) messages for GnuPG # Copyright (C) 2002 Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. -# Jedi Lin , 2003~2011. +# Jedi Lin , 2003~2013. # # Special thanks to "Audrey Tang ". # @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: GNU gnupg 2.0.17-git56b2bc2\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-04-24 10:09+0200\n" +"PO-Revision-Date: 2013-04-24 19:34+0800\n" "Last-Translator: Jedi Lin \n" "Language-Team: Chinese (traditional) \n" "Language: zh_TW\n" @@ -17,9 +17,8 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Basepath: gnupg-2.0.17-git56b2bc2/\n" -"X-Poedit-Language: Chinese\n" -"X-Poedit-Country: TAIWAN\n" "Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Poedit 1.5.5\n" #, c-format msgid "failed to acquire the pinentry lock: %s\n" @@ -5299,15 +5298,11 @@ msgstr "|AN|?????????? (PIN)" msgid "|N|New PIN" msgstr "|N|??????? (PIN)" -#, fuzzy -#| msgid "|A|Please enter the Admin PIN" msgid "||Please enter the Admin PIN and New Admin PIN" -msgstr "|A|?????? PIN" +msgstr "||?????? PIN ?????? PIN" -#, fuzzy -#| msgid "||Please enter the PIN" msgid "||Please enter the PIN and New PIN" -msgstr "||???????? (PIN)" +msgstr "||???????????????? (PIN)" msgid "error reading application data\n" msgstr "???????????\n" @@ -5410,7 +5405,7 @@ msgid "deny the use of admin card commands" msgstr "?????????" msgid "use variable length input for pinpad" -msgstr "" +msgstr "?? PIN ????????????" msgid "Usage: scdaemon [options] (-h for help)" msgstr "??: scdaemon [??] (?? -h ??)" ----------------------------------------------------------------------- Summary of changes: po/zh_TW.po | 17 ++++++----------- 1 files changed, 6 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 24 19:47:58 2013 From: cvs at cvs.gnupg.org (by Jedi) Date: Wed, 24 Apr 2013 19:47:58 +0200 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-2-13-g0e63141 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via 0e63141f80e5eba46b6bb2a29cd1b93fdcdff8f7 (commit) via b973cc33af488178b0bddc8e1eee23d2a8d854f4 (commit) via 4ed34a5f30d6da7a490c5c1db18cb41937bf76e4 (commit) via a63cbe0c1fbc6592990e2938bdcd4ebe5383838e (commit) via 35477834e1c254d5fe1a209e60226f808d636d89 (commit) from c48081176749273e402f10701c5f0d345a98464d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0e63141f80e5eba46b6bb2a29cd1b93fdcdff8f7 Author: Jedi Date: Wed Apr 24 19:28:41 2013 +0200 Post release version number bump. -- diff --git a/NEWS b/NEWS index c940e18..b780a62 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4-g10-4 (unreleased) +---------------------------------------------------- + + Noteworthy changes in version 1.4-g10-3 (2013-04-24) ---------------------------------------------------- diff --git a/configure.ac b/configure.ac index 125d6fa..d2f9720 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.10" # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. # See below for the LT version numbers. -m4_define([mym4_version], [1.4-g10-3]) +m4_define([mym4_version], [1.4-g10-4]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit b973cc33af488178b0bddc8e1eee23d2a8d854f4 Author: Jedi Date: Wed Apr 24 18:34:14 2013 +0200 Release 1.4-g10-3. * configure.ac: Set LT version to C4/A3/R1. diff --git a/ChangeLog b/ChangeLog index 6b1af00..f651c6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ 2013-04-24 Werner Koch + Release 1.4-g10-3. + + * configure.ac: Set LT version to C4/A3/R1. + +2013-04-24 Werner Koch + * src/w32inet.c: New. Taken from gnulib lib/inet_ntop.c. Modified for Windows only use. (inet_ntop): Rename to adns__inet_ntop. diff --git a/NEWS b/NEWS index 49d33f6..c940e18 100644 --- a/NEWS +++ b/NEWS @@ -1,9 +1,9 @@ -Noteworthy changes in version 1.4-g10-3 (unreleased) +Noteworthy changes in version 1.4-g10-3 (2013-04-24) ---------------------------------------------------- - * Add support AAAA records. + * Basic support for AAAA records. - * + * Added a privacy mode to adnslogres (options -P and -S). Noteworthy changes in version 1.4-g10-2 (2008-05-08) diff --git a/configure.ac b/configure.ac index 3db0f36..125d6fa 100644 --- a/configure.ac +++ b/configure.ac @@ -54,7 +54,7 @@ AC_INIT([adns], [mym4_full_version], [bug-adns at g10code.com]) # Please remember to document interface changes in the NEWS file. ADNS_LT_CURRENT=4 ADNS_LT_AGE=3 -ADNS_LT_REVISION=0 +ADNS_LT_REVISION=1 # If the API is changed in an incompatible way: increment this counter. ADNS_CONFIG_API_VERSION=1 diff --git a/src/Makefile.am b/src/Makefile.am index a4300d5..1c6169c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,22 +1,22 @@ # src/Makefile.am # Copyright (C) 2008 g10 Code GmbH -# +# # This file is part of adns, which is # Copyright (C) 1997-2000,2003,2006 Ian Jackson # Copyright (C) 1999-2000,2003,2006 Tony Finch # Copyright (C) 1991 Massachusetts Institute of Technology # (See the file INSTALL for full details.) -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -25,7 +25,8 @@ # Thsi directory. It is used by the include file. adnssrcdir = $(top_srcdir)/src -EXTRA_DIST = adns-config.in libadns.vers libadns.def versioninfo.rc.in +EXTRA_DIST = adns-config.in libadns.vers libadns.def versioninfo.rc.in \ + w32support.c w32extra.c w32inet.c bin_SCRIPTS = adns-config include_HEADERS = adns.h lib_LTLIBRARIES = libadns.la @@ -35,7 +36,7 @@ AM_CPPFLAGS=$(PLATFORMCPPFLAGS) if HAVE_LD_VERSION_SCRIPT adns_version_script_cmd = -Wl,--version-script=$(srcdir)/libadns.vers else - adns_version_script_cmd = + adns_version_script_cmd = endif @@ -66,7 +67,7 @@ adns_ldflag = no_undefined = export_symbols = adns_deps = -w32src = +w32src = install-def-file: uninstall-def-file: endif !HAVE_W32_SYSTEM commit 4ed34a5f30d6da7a490c5c1db18cb41937bf76e4 Author: Jedi Date: Wed Apr 24 18:24:56 2013 +0200 w32: Support AAAA support. * src/w32inet.c: New. Taken from gnulib lib/inet_ntop.c. Modified for Windows only use. (inet_ntop): Rename to adns__inet_ntop. * src/Makefile.am (w32src): Add file. * src/types.c (cs_in6addr) [W32]: Use adns__inet_ntop. -- inet_ntop taken from gnulib commit c042abf1678115fe6ab736a1c12a83ff395ea7c4 diff --git a/ChangeLog b/ChangeLog index 6f83fdb..6b1af00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2013-04-24 Werner Koch + + * src/w32inet.c: New. Taken from gnulib lib/inet_ntop.c. + Modified for Windows only use. + (inet_ntop): Rename to adns__inet_ntop. + * src/Makefile.am (w32src): Add file. + * src/types.c (cs_in6addr) [W32]: Use adns__inet_ntop. + 2012-05-11 Werner Koch * src/adns.h (adns_rrtype): Add adns_r_aaaa. diff --git a/src/Makefile.am b/src/Makefile.am index 48b830b..a4300d5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,7 +52,7 @@ adns_res_ldflag = -Wl,.libs/versioninfo.o no_undefined = -no-undefined export_symbols = -export-symbols $(srcdir)/libadns.def adns_deps = $(ksba_res) libadns.def -w32src = w32support.c w32extra.c +w32src = w32support.c w32extra.c w32inet.c install-def-file: $(INSTALL) $(srcdir)/libadns.def $(DESTDIR)$(libdir)/libadns.def diff --git a/src/platform.h b/src/platform.h index 60a25dd..44f1158 100644 --- a/src/platform.h +++ b/src/platform.h @@ -86,9 +86,12 @@ int gettimeofday (struct timeval *__restrict__ tp, void *__restrict__ tzp); #endif long int nrand48 (unsigned short int xsubi[3]); -#else +/* w32inet.c: */ +const char *adns__inet_ntop (int af, const void *src, char *dst, socklen_t cnt); + +#else /* - Generic POSIX platform. + Generic POSIX platform. */ diff --git a/src/types.c b/src/types.c index c30b311..07d16da 100644 --- a/src/types.c +++ b/src/types.c @@ -353,7 +353,11 @@ static int di_in6addr(adns_state ads, static adns_status cs_in6addr(vbuf *vb, const void *datap) { char buffer[INET6_ADDRSTRLEN]; +#ifdef HAVE_W32_SYSTEM + adns__inet_ntop (AF_INET6, datap, buffer, sizeof buffer); +#else inet_ntop (AF_INET6, datap, buffer, sizeof buffer); +#endif CSP_ADDSTR(buffer); return adns_s_ok; diff --git a/src/w32inet.c b/src/w32inet.c new file mode 100644 index 0000000..071fb76 --- /dev/null +++ b/src/w32inet.c @@ -0,0 +1,226 @@ +/* inet_ntop.c -- convert IPv4 and IPv6 addresses from binary to text form + + Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . */ + +/* + * Copyright (c) 1996-1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include "internal.h" + +/* #include */ +#include +#include +#include + +# define NS_IN6ADDRSZ 16 +# define NS_INT16SZ 2 + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ +typedef int verify_int_size[4 <= sizeof (int) ? 1 : -1]; + +static const char *inet_ntop4 (const unsigned char *src, char *dst, + socklen_t size); +static const char *inet_ntop6 (const unsigned char *src, char *dst, + socklen_t size); + + +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address ('dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char * +adns__inet_ntop (int af, const void *src, char *dst, socklen_t cnt) +{ + switch (af) + { + case AF_INET: + return (inet_ntop4 (src, dst, cnt)); + + case AF_INET6: + return (inet_ntop6 (src, dst, cnt)); + + default: + errno = WSAEAFNOSUPPORT; + return (NULL); + } + /* NOTREACHED */ +} + +/* const char * + * inet_ntop4(src, dst, size) + * format an IPv4 address + * return: + * 'dst' (as a const) + * notes: + * (1) uses no statics + * (2) takes a u_char* not an in_addr as input + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop4 (const unsigned char *src, char *dst, socklen_t size) +{ + char tmp[sizeof "255.255.255.255"]; + int len; + + len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); + if (len < 0) + return NULL; + + if (len > size) + { + errno = ENOSPC; + return NULL; + } + + return strcpy (dst, tmp); +} + + +/* const char * + * inet_ntop6(src, dst, size) + * convert IPv6 binary address into presentation (printable) format + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop6 (const unsigned char *src, char *dst, socklen_t size) +{ + /* + * Note that int32_t and int16_t need only be "at least" large enough + * to contain a value of the specified size. On some systems, like + * Crays, there is no such thing as an integer variable with 16 bits. + * Keep this in mind if you think this function should have been coded + * to use pointer overlays. All the world's not a VAX. + */ + char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; + char *tp; + struct + { + int base, len; + } best, cur; + unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ]; + int i; + + /* + * Preprocess: + * Copy the input (bytewise) array into a wordwise array. + * Find the longest run of 0x00's in src[] for :: shorthanding. + */ + memset (words, '\0', sizeof words); + for (i = 0; i < NS_IN6ADDRSZ; i += 2) + words[i / 2] = (src[i] << 8) | src[i + 1]; + best.base = -1; + cur.base = -1; + best.len = 0; + cur.len = 0; + for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) + { + if (words[i] == 0) + { + if (cur.base == -1) + cur.base = i, cur.len = 1; + else + cur.len++; + } + else + { + if (cur.base != -1) + { + if (best.base == -1 || cur.len > best.len) + best = cur; + cur.base = -1; + } + } + } + if (cur.base != -1) + { + if (best.base == -1 || cur.len > best.len) + best = cur; + } + if (best.base != -1 && best.len < 2) + best.base = -1; + + /* + * Format the result. + */ + tp = tmp; + for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) + { + /* Are we inside the best run of 0x00's? */ + if (best.base != -1 && i >= best.base && i < (best.base + best.len)) + { + if (i == best.base) + *tp++ = ':'; + continue; + } + /* Are we following an initial run of 0x00s or any real hex? */ + if (i != 0) + *tp++ = ':'; + /* Is this address an encapsulated IPv4? */ + if (i == 6 && best.base == 0 && + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) + { + if (!inet_ntop4 (src + 12, tp, sizeof tmp - (tp - tmp))) + return (NULL); + tp += strlen (tp); + break; + } + { + int len = sprintf (tp, "%x", words[i]); + if (len < 0) + return NULL; + tp += len; + } + } + /* Was it a trailing run of 0x00's? */ + if (best.base != -1 && (best.base + best.len) == + (NS_IN6ADDRSZ / NS_INT16SZ)) + *tp++ = ':'; + *tp++ = '\0'; + + /* + * Check for overflow, copy, and we're done. + */ + if ((socklen_t) (tp - tmp) > size) + { + errno = ENOSPC; + return NULL; + } + + return strcpy (dst, tmp); +} commit a63cbe0c1fbc6592990e2938bdcd4ebe5383838e Author: Jedi Date: Wed Apr 24 16:51:21 2013 +0200 Add missing ChangeLog entries. -- Taken from the git log. diff --git a/ChangeLog b/ChangeLog index 3b22165..6f83fdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2012-05-11 Werner Koch + + * src/adns.h (adns_rrtype): Add adns_r_aaaa. + (adns_answer): Add member in6addr. + * src/internal.h (adns__state): Change sortlist struct to allow + for v6 addresses. + * src/check.c (checkc_global): Fix for v6 sortlist. + * src/setup.c (ccf_sortlist): Mark entries as v4. + * src/types.c (search_sortlist): Ignore v6 addresses. + (pa_in6addr, search_sortlist6, dip_in6addr, di_in6addr) + (cs_in6addr): New. + (typeinfos): Add description for the AAAA record. + + * src/setup.c (ccf_sortlist): Fix class A detection. + 2011-03-14 Werner Koch * client/adnslogres.c: Change license to GPLv3. commit 35477834e1c254d5fe1a209e60226f808d636d89 Author: Jedi Date: Wed Apr 24 16:49:10 2013 +0200 w32: Switch to i686-w64-mingw32 as default compiler. -- Also fix VPATH builds. diff --git a/autogen.sh b/autogen.sh index 2ce32bc..55608a7 100755 --- a/autogen.sh +++ b/autogen.sh @@ -52,7 +52,7 @@ if test "$1" = "--build-w32"; then echo "Using $w32root as standard install directory" >&2 crossbindir= - for host in i586-mingw32msvc i386-mingw32msvc i686-w64-mingw32 mingw32; do + for host in i686-w64-mingw32 i586-mingw32msvc i386-mingw32msvc mingw32; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" @@ -75,7 +75,7 @@ if test "$1" = "--build-w32"; then fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} exit $? ----------------------------------------------------------------------- Summary of changes: ChangeLog | 29 +++++++ NEWS | 10 ++- autogen.sh | 4 +- configure.ac | 4 +- src/Makefile.am | 17 ++-- src/platform.h | 7 +- src/types.c | 4 + src/w32inet.c | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 284 insertions(+), 17 deletions(-) create mode 100644 src/w32inet.c hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 25 09:52:28 2013 From: cvs at cvs.gnupg.org (by Jedi) Date: Thu, 25 Apr 2013 09:52:28 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-120-g42c44e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 42c44e9ccd266b92d2a0c0cb29360db232009714 (commit) from 6ac7a80c48739db0032bba2f624c1b5050bfaaab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 42c44e9ccd266b92d2a0c0cb29360db232009714 Author: Jedi Date: Thu Apr 25 09:33:33 2013 +0200 Fix a typo and a wrong code indentation. -- Reported-by: NIIBE Yutaka diff --git a/NEWS b/NEWS index 166b871..9ead9bf 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,7 @@ Noteworthy changes in version 2.0.20 (unreleased) * The hash algorithm is now printed for sig records in key listings. - * Decryption using smartcards keys > 3072 bit does not work. + * Decryption using smartcards keys > 3072 bit does now work. * New meta option ignore-invalid-option to allow using the same option file by other GnuPG versions. diff --git a/g10/call-agent.c b/g10/call-agent.c index 373d8c9..f4410fd 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1075,8 +1075,8 @@ agent_scd_pkdecrypt (const char *serialno, } rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return rc; + if (rc) + return rc; } init_membuf (&data, 1024); ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- g10/call-agent.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 26 18:06:20 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 26 Apr 2013 18:06:20 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.2-12-gcf1404d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via cf1404d4e24d85c809434df9330c9e1817e7d4a6 (commit) via ce7f2e69fa78d9afac96efc3009513b203668b4b (commit) via a421efcb91b80a37f58ae35687dc33db08a04b3d (commit) via 369e774ab835ecf23da267cf55f9ecf8ae8c5585 (commit) via 18b0d8849e51b6203b3f1dbc1cc1cc71e52f78b6 (commit) from c7c41b22c059c39916845061484999005c9483d1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf1404d4e24d85c809434df9330c9e1817e7d4a6 Author: Werner Koch Date: Fri Apr 26 17:47:16 2013 +0200 Post release version number updates. -- diff --git a/NEWS b/NEWS index d06aee3..a9c0057 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +Noteworthy changes in version 0.8.4 (unreleased) +------------------------------------------------ + + * + + Noteworthy changes in version 0.8.3 (2013-04-26) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index ab81283..0eb5e74 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.10" # (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please # bump the version number immediately after the release, do another # commit, and a push so that the git magic is able to work. -m4_define(mym4_version, [0.8.3]) +m4_define(mym4_version, [0.8.4]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit ce7f2e69fa78d9afac96efc3009513b203668b4b Author: Werner Koch Date: Fri Apr 26 15:09:59 2013 +0200 Release 0.8.3 diff --git a/NEWS b/NEWS index 23b08c7..d06aee3 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ -Noteworthy changes in version 0.8.2 (unreleased) +Noteworthy changes in version 0.8.3 (2013-04-26) ------------------------------------------------ + * Build fixes for newer mingw32 toolchains. + + * Add SETTIMEOUT command for the gtk+-2 pinentry. + Noteworthy changes in version 0.8.2 (2012-08-08) ------------------------------------------------ commit a421efcb91b80a37f58ae35687dc33db08a04b3d Author: Andre Heinecke Date: Fri Apr 26 12:27:35 2013 +0200 Switch to i686-w64-mingw32 as default Windows toolchain. * autogen.sh : Insert i686-w64-mingw32. * configure.ac: Pretty print final info. diff --git a/autogen.sh b/autogen.sh index 0d23ad4..885e8fd 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,5 +1,5 @@ #! /bin/sh -# Run this to generate all the initial makefiles, etc. +# Run this to generate all the initial makefiles, etc. # # Copyright (C) 2003 g10 Code GmbH # @@ -52,7 +52,7 @@ w32ce_toolprefixes= w32ce_extraoptions= amd64_toolprefixes= # End list of optional variables sourced from ~/.gnupg-autogen.rc -# What follows are variables which are sourced but default to +# What follows are variables which are sourced but default to # environment variables or lacking them hardcoded values. #w32root= #w32ce_root= @@ -64,7 +64,7 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then fi # Convenience option to use certain configure options for some hosts. -myhost="" +myhost="" myhostsub="" case "$1" in --build-w32) @@ -106,13 +106,13 @@ if [ "$myhost" = "w32" ]; then ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" - toolprefixes="$w32_toolprefixes i586-mingw32msvc" + toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc" toolprefixes="$toolprefixes i386-mingw32msvc mingw32" extraoptions="$w32_extraoptions --enable-pinentry-gtk2" ;; esac echo "Using $w32root as standard install directory" >&2 - + # Locate the cross compiler crossbindir= @@ -125,14 +125,14 @@ if [ "$myhost" = "w32" ]; then done if [ -z "$crossbindir" ]; then echo "Cross compiler kit not installed" >&2 - if [ -z "$sub" ]; then + if [ -z "$sub" ]; then echo "Under Debian GNU/Linux, you may install it using" >&2 - echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 fi echo "Stop." >&2 exit 1 fi - + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Pease run a 'make distclean' first" >&2 @@ -157,19 +157,19 @@ fi # Grep the required versions from configure.ac -autoconf_vers=`sed -n '/^AC_PREREQ(/ { +autoconf_vers=`sed -n '/^AC_PREREQ(/ { s/^.*($.*$)/\1/p q }' ${configure_ac}` autoconf_vers_num=`echo "$autoconf_vers" | cvtver` -automake_vers=`sed -n '/^min_automake_version=/ { +automake_vers=`sed -n '/^min_automake_version=/ { s/^.*="$.*$"/\1/p q }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { #s/^.*($.*$)/\1/p #q #}' ${configure_ac}` @@ -195,9 +195,9 @@ fi if test "$DIE" = "yes"; then cat < Date: Fri Apr 26 12:17:52 2013 +0200 Fix declaration of lock_set_foreground_window for pinnetry-w32. * w32/main.c (lock_set_foreground_window): Remove WINUSERAPI qualifier. -- WINUSERAPI is expanded to dllimport which is not what we want if we load the symbol at runtime. This produces an error with mingw-w64 4.6.3-14+8 (backport from a gpg4win patch) diff --git a/w32/main.c b/w32/main.c index bd0191b..85bf2b1 100644 --- a/w32/main.c +++ b/w32/main.c @@ -1,16 +1,16 @@ /* main.c - Secure W32 dialog for PIN entry. Copyright (C) 2004, 2007 g10 Code GmbH - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -46,7 +46,7 @@ /* This function pointer gets initialized in main. */ #ifndef HAVE_W32CE_SYSTEM -static WINUSERAPI BOOL WINAPI (*lock_set_foreground_window)(UINT); +static BOOL WINAPI (*lock_set_foreground_window)(UINT); #endif static int w32_cmd_handler (pinentry_t pe); @@ -74,7 +74,7 @@ const char * w32_strerror (int ec) { static char strerr[256]; - + if (ec == -1) ec = (int)GetLastError (); #ifdef HAVE_W32CE_SYSTEM @@ -86,7 +86,7 @@ w32_strerror (int ec) MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), strerr, sizeof strerr - 1, NULL); #endif - return strerr; + return strerr; } @@ -134,7 +134,7 @@ w32ce_finish_pipe (int rvid, int write_end) /* char name[200]; */ /* int nname; */ /* char *pname; */ - + /* memset (buf, 0, sizeof (buf)); */ /* GetWindowText (child, buf, sizeof (buf)-1); */ /* nname = GetClassName (child, name, sizeof (name)-1); */ @@ -222,7 +222,7 @@ raise_sip (HWND dlg) memset (&si, 0, sizeof si); si.cbSize = sizeof si; - if (SipGetInfo (&si)) + if (SipGetInfo (&si)) { si.fdwFlags |= SIPF_ON; SipSetInfo (&si); @@ -235,33 +235,33 @@ raise_sip (HWND dlg) /* Center the window CHILDWND with the desktop as its parent window. STYLE is passed as second arg to SetWindowPos.*/ static void -center_window (HWND childwnd, HWND style) -{ +center_window (HWND childwnd, HWND style) +{ #ifndef HAVE_W32CE_SYSTEM HWND parwnd; - RECT rchild, rparent; + RECT rchild, rparent; HDC hdc; int wchild, hchild, wparent, hparent; int wscreen, hscreen, xnew, ynew; int flags = SWP_NOSIZE | SWP_NOZORDER; - + parwnd = GetDesktopWindow (); - GetWindowRect (childwnd, &rchild); - wchild = rchild.right - rchild.left; + GetWindowRect (childwnd, &rchild); + wchild = rchild.right - rchild.left; hchild = rchild.bottom - rchild.top; - - GetWindowRect (parwnd, &rparent); - wparent = rparent.right - rparent.left; - hparent = rparent.bottom - rparent.top; - - hdc = GetDC (childwnd); - wscreen = GetDeviceCaps (hdc, HORZRES); - hscreen = GetDeviceCaps (hdc, VERTRES); - ReleaseDC (childwnd, hdc); - xnew = rparent.left + ((wparent - wchild) / 2); + + GetWindowRect (parwnd, &rparent); + wparent = rparent.right - rparent.left; + hparent = rparent.bottom - rparent.top; + + hdc = GetDC (childwnd); + wscreen = GetDeviceCaps (hdc, HORZRES); + hscreen = GetDeviceCaps (hdc, VERTRES); + ReleaseDC (childwnd, hdc); + xnew = rparent.left + ((wparent - wchild) / 2); if (xnew < 0) xnew = 0; - else if ((xnew+wchild) > wscreen) + else if ((xnew+wchild) > wscreen) xnew = wscreen - wchild; ynew = rparent.top + ((hparent - hchild) / 2); if (ynew < 0) @@ -285,14 +285,14 @@ move_mouse_and_click (HWND hwnd) int wscreen, hscreen, x, y, normx, normy; INPUT inp[3]; int idx; - - hdc = GetDC (hwnd); - wscreen = GetDeviceCaps (hdc, HORZRES); - hscreen = GetDeviceCaps (hdc, VERTRES); - ReleaseDC (hwnd, hdc); + + hdc = GetDC (hwnd); + wscreen = GetDeviceCaps (hdc, HORZRES); + hscreen = GetDeviceCaps (hdc, VERTRES); + ReleaseDC (hwnd, hdc); if (wscreen < 10 || hscreen < 10) return; - + GetWindowRect (hwnd, &rect); x = rect.left; y = rect.bottom; @@ -357,7 +357,7 @@ set_dlg_item_text (HWND dlg, int item, const char *string) else { wchar_t *wbuf; - + wbuf = utf8_to_wchar (string); if (!wbuf) SetDlgItemTextW (dlg, item, L"[out of core]"); @@ -418,7 +418,7 @@ dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) EnableWindow (GetDlgItem (dlg, IDC_PINENT_TEXT), FALSE); SetWindowPos (GetDlgItem (dlg, IDC_PINENT_TEXT), NULL, 0, 0, 0, 0, (SWP_NOMOVE|SWP_NOSIZE|SWP_NOZORDER|SWP_HIDEWINDOW)); - + item = IDOK; } else @@ -460,7 +460,7 @@ dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) } break; - case WM_KEYDOWN: + case WM_KEYDOWN: if (wparam == VK_RETURN) { if (confirm_mode) @@ -485,7 +485,7 @@ ok_button_clicked (HWND dlg, pinentry_t pe) wchar_t *w_buffer; size_t w_buffer_size = 255; unsigned int nchar; - + pe->locale_err = 1; w_buffer = secmem_malloc ((w_buffer_size + 1) * sizeof *w_buffer); if (!w_buffer) @@ -577,7 +577,7 @@ parse_std_file_handles (int *argcp, char ***argvp) s = *argv; if (*s == '-' && s[1] == '&' && s[2] == 'S' && (s[3] == '0' || s[3] == '1' || s[3] == '2') - && s[4] == '=' + && s[4] == '=' && (strchr ("-01234567890", s[5]) || !strcmp (s+5, "null"))) { if (s[5] == 'n') commit 18b0d8849e51b6203b3f1dbc1cc1cc71e52f78b6 Author: Andre Heinecke Date: Fri Apr 26 12:06:02 2013 +0200 Fix ressource compilation of pinentry-w32 * w32/pinentry-w32.rc: Include windows.h -- MSDN says that to use the Dialog Styles one should include windows.h and this is also necessary with at least mingw-w64 4.6.3-14+8 otherwise there is a syntax error because the DS_* macros are not defined (backport from gpg4win patch) diff --git a/w32/pinentry-w32.rc b/w32/pinentry-w32.rc index a4816bc..efde843 100755 --- a/w32/pinentry-w32.rc +++ b/w32/pinentry-w32.rc @@ -1,16 +1,16 @@ /* dialog.rc - Resource definitions -*- c -*- Copyright (C) 2004, 2010 g10 Code GmbH - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -18,10 +18,11 @@ #include #include +#include #include "resource.h" -/* - * Main dialog +/* + * Main dialog */ #ifdef HAVE_W32CE_SYSTEM ----------------------------------------------------------------------- Summary of changes: NEWS | 12 ++++++++- autogen.sh | 26 +++++++++--------- configure.ac | 21 ++++++++------- w32/main.c | 72 +++++++++++++++++++++++++------------------------- w32/pinentry-w32.rc | 11 ++++--- 5 files changed, 77 insertions(+), 65 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 29 11:10:23 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 29 Apr 2013 11:10:23 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.1.3-1-g7ada63a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 7ada63ab3c958dfbad3dba9192427bed704dc3dd (commit) from ad9ebe2ae7c02cea7405419bc8abec7889431738 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ada63ab3c958dfbad3dba9192427bed704dc3dd Author: Werner Koch Date: Mon Apr 29 10:43:24 2013 +0200 Changes to use the w64-mingw32 toolchain. * autogen.sh: Use i686-w64-mingw32 as default toolchain. * src/common.c (OEMRESOURCE): Add * src/ext-commands.cpp (_WIN32_IE): Define to 6.0 diff --git a/NEWS b/NEWS index 6293cdc..56d0a8c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.1.4 (unreleased) +================================================= + + Noteworthy changes for version 1.1.3 (2011-12-27) ================================================= diff --git a/autogen.sh b/autogen.sh index f4d7ace..e3e75d7 100755 --- a/autogen.sh +++ b/autogen.sh @@ -62,7 +62,10 @@ if test "$1" = "--build-w32"; then # See whether we have the Debian cross compiler package or the # old mingw32/cpd system - if i586-mingw32msvc-gcc --version >/dev/null 2>&1 ; then + if i686-w64-mingw32-gcc --version >/dev/null 2>&1 ; then + host=i686-w64-mingw32 + crossbindir="crossbindir-is-not-anymore-needed" + elif i586-mingw32msvc-gcc --version >/dev/null 2>&1 ; then host=i586-mingw32msvc crossbindir=/usr/$host/bin else @@ -88,8 +91,8 @@ if test "$1" = "--build-w32"; then fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ - --host=i586-mingw32msvc --build=${build} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ + --host=${host} --build=${build} \ --with-gpg-error-prefix=${w32root} \ --with-gpgme-prefix=${w32root} \ --with-libassuan-prefix=${w32root} diff --git a/configure.ac b/configure.ac index 79eb8c7..ebec300 100644 --- a/configure.ac +++ b/configure.ac @@ -16,8 +16,8 @@ min_automake_version="1.9.4" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.1.3]) -m4_define([my_isgit], [no]) +m4_define([my_version], [1.1.4]) +m4_define([my_isgit], [yes]) m4_define([git_commit], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) diff --git a/src/common.c b/src/common.c index 43239c7..68cae2d 100644 --- a/src/common.c +++ b/src/common.c @@ -18,6 +18,7 @@ */ #include +#define OEMRESOURCE /* Required for OBM_CHECKBOXES. */ #include #include #ifndef CSIDL_APPDATA diff --git a/src/ext-commands.cpp b/src/ext-commands.cpp index 04140c5..85feb2d 100644 --- a/src/ext-commands.cpp +++ b/src/ext-commands.cpp @@ -21,7 +21,11 @@ #include #endif -#define _WIN32_IE 0x400 /* Need TBIF_COMMAND et al. */ +/* Need TBIF_COMMAND et al. (0x0400 would be sufficient but elsewhere + we require 0x600 anyway). */ +#ifndef _WIN32_IE +# define _WIN32_IE 0x0600 +#endif #include #include "mymapi.h" ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ autogen.sh | 9 ++++++--- configure.ac | 4 ++-- src/common.c | 1 + src/ext-commands.cpp | 6 +++++- 5 files changed, 18 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org